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Which  is  the  bogus  box? 


Which  package  contains  a  counterfeit  Cisco  voice  interface 
card?  Find  the  answer  on  page  35. 

Fake  network  gear 
can  be  hard  to  spot 


Counterfeit  network 
gear  has  popped  up 
in  the  channel  and 
could  be  in  your 
organization. 

BY  DEB  RADCLIFF 

Subnets  began  dropping  off 
the  MortgagelT  network  one 
after  another.  Entire  bank 
branches  went  offline  for 
days  as  Joe  Bruner,  network 
engineering  manager  at  the 
time,  scrambled  to  purchase 
and  install  replacement  parts. 

At  first,  he  figured  some  of 
the  new  WAN  interface  cards 
(WIC)  he  recently  installed  to 
upgrade  50  Cisco  281 1 


routers  during  expansion  and 
reorganization  were  faulty. 

But  as  more  routers  failed 
and  dropped  off  the  network, 
Bruner  realized  he  was  deal¬ 
ing  with  fakes. 

Thirty  cards  turned  out  to  be 
counterfeit,  he  says.  Despite  re¬ 
peated  calls  and  e-mails  to  his 
supplier,  Atec  Group,  the  issue 
was  not  resolved. 

Nor  did  he  get  an  answer  to 
the  most  important  question: 
How  did  a  registered  Cisco 
reseller  (also  a  platinum  Net¬ 
work  Appliance  partner  and 
gold  partner  to  Microsoft  and 
Symantec)  acquire  the  coun¬ 
terfeit  WICs  in  the  first  place? 

See  Counterfeit,  page  34 


Cisco  looks  to  push 
high-end  IP  video 


BY  PHIL  H0CHMUTH 

Cisco  this  week  is  expected  to  launch  its  long- 
anticipated  video  communications  technology  —  a 
combination  of  life-size  displays  and  high-definition 
IP  video  designed  to  let  customers  replace  in-person 
meetings  with  long-distance  virtual  powwows. 

With  the  technology  costing  $250,000  a  room  and 
requiring  15Mbps  of  bandwidth,  however,  it  remains 
to  be  seen  whether  only  the  largest  companies  have 
the  budgets  and  capacity  to  embrace  it.  Some  indus¬ 
try  watchers  say  telepresence  products  will  never  get 
beyond  being  a  niche  IT  luxury  for  a  rarified  group  of 
executives.  Plus,  Cisco  is  entering  the  market  almost 
12  months  behind  other  telepresence  competitors 
such  as  HP  which  already  has  claimed  customers 
PepsiCo,  Dreamworks  and  chipmaker  Advanced 
Micro  Devices. 

Cisco  CEO  John  Chambers  has  hinted  about  the 
company’s  telepresence  effort  over  the  last  nine 
months  in  interviews  and  at  industry  events. 


“Video  communications  is  the  most  effective  way 
to  communicate,”  he  said  at  the  Interop  Conference 
in  Las  Vegas  in  May.  “If  you  ask  me  what  excites  me 
the  most  . . .  I’ll  say  it’s  telepresence  —  the  ability  to 
interface  with  customers  [all  around  the  world]  in  a 
way  that’s  not  just  about  videoconferencing.” 

He  is  excited  specifically  about  the  Cisco  Tele- 
Presence  1000  and  TelePresence  3000  systems, 

See  Cisco,  page  16 

Extreme  CEO  on  hot  seat 

•  How  he  plans  to  attack  competi¬ 
tors  Cisco,  Nortel  and  others. 

•The  company’s  wireless  strategy. 

•  How  he'll  set  advanced  switching 

Mark  Canepa  directions.  Page  12. 

Cisco  launches  unified  network  access  client. 

Page  12. 


Security  start-ups  to  watch 

These  10  companies  are  taking  on  the  industry  giants. 


BY  CARA  GARRETSON  AND  ELLEN  MESSMER 

These  are  tricky  times  for  enterprise  security 
start-ups. 

Breaking  into  this  vast  and  diverse  technol¬ 
ogy  market  means  more  than  just  having  a 
good  product;  newcomers  need  to  bring 
revolutionary  technology  an  elegant  reso¬ 
lution  to  a  vexing  problem,  an  offering  that 
integrates  unusually  well  with  the  world 
around  it  —  something  to  distinguish  it  from 
the  crowd.  At  the  same  time,  security  is  such  a 
strategic  issue  for  enterprises  that  few  are  willing  to 
put  their  money  behind  a  young  company  that 
doesn’t  already  have  a  few  Fortune  500  entries  on  its 
customer  list. 

“In  security,  you  want  to  be  the  best.  There  aren’t 
many  customers  out  there  that  will  brag  they  have 


the  second-best  security  solution,”  says  Mark 
Levine,  managing  director  with  Core  Capital  in 
Washington,  D.C. 

Security  start-ups  also  are  challenged  by  the 


r0 


existence  of  a  few  behemoths  —  including 
Symantec,  McAfee  and  Trend  Micro  —  that 
dominate  the  market  and  often  eclipse 
r  best-of-breed,  point  solutions  with  the 
promise  of  one-stop  shopping  for  multiple 
security  needs  (www.nwdocfinder.com/5728). 

In  addition  to  start-ups  with  revolutionary  tech¬ 
nology,  some  young  companies  are  turning  heads 
because  security  is  at  the  heart  of  their  products 
even  though  the  function  of  the  products  is  to  per¬ 
form  something  unrelated. 

“We  didn’t  view  this  as  an  investment  in  a  security 

See  Security,  page  24 
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Dual-core. 
Do  more. 


.INFRASTRUCTURE  LOG 

_DAY  25:  They’re  in  the  cafeteria!!  AAAGGGHHH!!  These 
useless  things  can’t  work  with  each  other.  They  aren’t 
scalable.  They  aren’t  responsive.  And  you  can’t  adjust 
new  capacity  on  the  fly.  The  horror. 

_So  many  of  them,  I  have  to  eat  standing  up.  My  arches 
are  killing  me.  And  I  got  avocado  on  my  shirt. 

_DAY  26:  The  answer:  IBM  BladeCenter®  with  Dual-Core 
Intel®  Xeon®  Processors  to  boost  performance  and  balance 
workloads.  Its  self-automating  features  make  it  easy 
to  manage,  and  it  has  more  blades  per  chassis  for  a 
smaller  footprint.  The  BladeCenter  even  opened  up  its 
specs,  so  the  things  we  buy  today  can  work  with  the 
things  we  buy  tomorrow. 

_I  can  eat  my  turkey-avocado  sandwiches  in  peace  again. 
Mmmmm . . . 
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NetVanta  7100 
Integrated  IP  PBX,  Voicemail, 
Auto  Attendant,  Router,  24-port 
PoE  Switch,  VPN,  Firewall 

ADTRAN  offers  a  broad 
range  of  IP  phones  to 
meet  your  business 
|  communication  needs 


The  ADTRAN  NetVanta®  7100  is  the  newest  addition  to  our  field- 
proven  suite  of  NetVanta  switches,  routers  and  VPN/Firewall  solutions, 

This  new  IP  PBX  with  integrated  switch-router — an  Office  in  a  Box — 
provides  a  complete  solution  for  growing  small  and  medium 
■  businesses.  Your  office  communications  can  be  up  and  running 

quickly  and  smoothly  with  this  converged  IP  platform. 


A  NetVanta  7100: 

A  phone  system  and 
data  network, 

all  in  a  single  device 


Imagine  a  comprehensive  telephony  and  data  networking 
solution  that  consolidates  voice,  data,  Internet  and  security7 
all  in  a  single  device. 


High  costs  for  communications  are  now  a  thing  of  the  past. 

With  ADTRAN,  you  can  easily  lower  your  total  cost  of  ownership.  Every 
NetVanta  includes  ADTRAN's  100%  satisfaction  guarantee,  backed 
by  industry-leading  technical  support  (before  and  after  the  sale), 
free  firmware  upgrades,  and  a  full  5-year  warranty. 


www.  ad  t  ran.  com/ip  t 

1.800  9 ADTRAN 

(923-8726) 


The  Network  Access  Company 


Copyright  ©  2006  ADTRAN  Inc.  AH  rights  reserved.  ADTRAN  and  NetVanta  are  registered 
trademarks  of; ADTRAN.  Inc  Five-year  warranty  applies  in  North  America  and  Europe. 
Polycom  is  a  registered  trademark  of  Pplycom,  Inc.  EN09B091806NWW 
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Watch  out  for  fake 
network  equipment 

Counterfeit  gear  has  popped  up  in  the  channel 
and  could  find  its  way  to  your  LAN.  Page  1. 


■  Small  dots  on  the  surface  of  this  fake  WAN 
interface  card  simulate  the  texture  of  an 
authentic  card. 
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I  CLEAR  CHOICE  ipi 


Clear  Choice  Test: 

WideBand's  managed  Ethernet  switch  is  fast  and  affordable. 

Page  37. 

The  New  Data  Center 

This  final  installment  in  our  six-part  New  Data 
wireless  trends  for  your 
includes  a  look  at  six 
,  challenges (^integrating 


Microsoft  says  reported  IE  7  bug  not  in  browser 

■  A  flaw  that  research  firm  Secunia  said  it  discovered  in 


Internet  Explorer  7  just  hours  after  its  unveiling  is  not  a 
browser  bug  after  all,  Microsoft  said  last  week.  Instead,  the 
problem  lies  in  a  component  of  Microsoft’s  Outlook  Express 
e-mail  client,  which  can  be  triggered  by  the  browser.  The  flaw 
could  be  used  in  phishing  attacks  to  read  sensitive  informa¬ 
tion  from  the  Internet  Explorer  browser,  Secunia  said. The 
security  firm  reported  the  problem  with  the  Internet 
Explorer  6  browser  in  April  and  found  that  it  could  be  repro¬ 
duced  on  Internet  Explorer  7.  Secunia  does  not  consider  the 
problem  to  be  critical,  but  it  was  widely  reported  because  its 
discovery  came  so  soon  after  Internet  Explorer  7’s  launch. 
“These  reports  are  technically  inaccurate,”  wrote  Christopher 
Budd,  a  security  program  manager  with  Microsoft,  in  a  blog 
posting.“The  issue  concerned  in  these  reports  is  not  in 
Internet  Explorer  7  (or  any  other  version)  at  all.” 


FBI  says  ISPs  should 
keep  records  longer 

■  ISPs  may  be  under  further  pressure 
to  provide  the  government  with  cus¬ 
tomer  information.  FBI  Director  Robert 
Mueller  last  week  said  he  wants  ISPs  to 
hold  on  to  customer  data  —  which  typ¬ 
ically  is  deleted  within  a  few  months 
—  to  help  law  enforcement.  The  fed¬ 
eral  government  says  this  customer 
information  could  help  the  govern¬ 
ment  track  down  possible  terrorist 
threats,  as  well  as  find  other  criminals, 
such  as  online  predators. “Today,  terror¬ 
ists  coordinate  their  plans  cloaked  in 
the  anonymity  of  the  Internet,  as  do 
violent  sexual  predators  prowling  chat 
rooms,”  Mueller  said  in  a  speech  to  the 


International  Association  of  Chiefs  of 
Police  in  Boston.  “According  to  our 
Cyber  Division,  nearly  one  out  of  three 
computer  users  has  experienced  some 
type  of  negative  incident.  All  too  often, 
we  find  that  before  we  can  catch  these 
offenders,  [ISPs]  have  unwittingly 
deleted  the  very  records  that  would 
help  us  identify  these  offenders  and 
protect  future  victims.”  Industry  watch¬ 
ers  believe  the  FBI’s  request  will  fuel 
arguments  over  privacy  and  infringe¬ 
ments  on  civil  liberties. 

New  Trojan  horse  lures 
e-mail  users  with  photos 

■  Researchers  at  IT  security  vendor 

See  News  Briefs,  page  6 
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Newsbits 


News  Briefs 

continued  from  page  5 

Sophos  last  week  warned  of  a  new  spyware  Trojan 
horse  that  promises  racy  pictures  of  the  teenage 
Russian  pop  group  t.A.T.u.as  a  means  to  entice  e-mail 
users  to  click  on  a  malicious  attachment.The  Banito- 
BE  Trojan  horse,  according  to  Sophos,  has  been 
spammed  out  to  e-mail  addresses  worldwide  promis¬ 
ing  intimate  information  on  the  duo,  best  known  for 
their  schoolgirl  outfits  and  sexually  charged  perform¬ 
ances.  The  e-mail  has  three  files  attached,  one  of 
which  could  give  hackers  access  to  PCs, Sophos  says. 
TATU.CHM  is  a  malicious  compressed  HTML  help 
file,  which  offers  an  album  of  images  but  also  opens 
up  the  PC  to  malicious  activity  Sophos  says  the  poten¬ 
tial  harm  of  such  files  includes  data  and  ultimately 
financial  theft.To  avoid  infection,  e-mail  users  should 
not  click  on  the  attachment  and  IT  departments 
should  implement  e-mail  gateways  to  protect  their 
PCs  in  a  consolidated  manner,  Sophos  recommends. 

Harvard  takes  Blue  Gene  to  heart 

■  IBM  last  week  announced  that  Harvard  University 
is  using  an  IBM  Blue  Gene  supercomputer,  which 
holds  the  title  as  the  fastest  supercomputer  in  the 
world,  to  support  research  into  the  human  heart  and 
circulatory  system.  Harvard’s  Division  of  Engineering 
and  Applied  Sciences  is  deploying  a  Blue  Gene 
System  that  includes  4,096  PowerPC  processors  in 
two  racks,  covering  an  area  of  less  than  32  square 
feet.  IBM  says  the  system  uses  four  times  less  space 
and  five  times  less  power  than  a  traditional  cluster 
providing  equivalent  processing  power.  The  deploy¬ 
ment  is  the  largest  Blue  Gene  system  in  academia, 
IBM  says.  A  larger  version  is  running  at  the  Lawrence 
Livermore  National  Laboratory  and  is  ranked  as  the 
fastest  supercomputer  in  the  world.  The  system  at 
Harvard  is  called  the  CrimsonGridBGL  and  is  an 
expansion  of  the  Crimson  Grid,  which  is  a  more  tra¬ 
ditional  computing  grid  that  IBM  deployed  at 
Harvard  in  2003. 

Oracle  finally  taking  Linux  plunge? 

■  Reports  are  swirling  again  that  Oracle  wants  to  get 
cozier  with  Linux  and  at  least  one  financial  analyst 
says  customers  can  expect  a  tighter  Linux-based 
appliance  from  the  database  and  application  vendor 
by  the  end  of  the  month.  Industry  experts  say  such  a 
move  would  be  good  news  for  small  and  midsize  cus¬ 
tomers,  who  would  be  the  likely  target  of  preconfig¬ 
ured  Ubuntu  Linux-based  packages  from  Oracle. 
Ubuntu,a  European-based  Linux  distribution  firm, has 
gained  widespread  popularity  on  the  desktop  and 
released  a  server  version  earlier  this  year  and  is 
rumored  to  be  working  with  Oracle.  Neither  Oracle 
nor  Ubuntu  could  be  reached  for  comment.  In  May, 
Ubuntu  announced  that  its  server  version  would  sup¬ 
port  Sun’s  UltraSparc  T1  systems.  Support  for  Oracle 
applications  would  help  push  Ubuntu  into  more 
enterprise  data  centers,  analysts  say  “We  have  heard 
that  Ubuntu  is  currently  working  to  certify  its  recently 


introduced  server  [operating  system]  to  all  of  Oracles 
major  products,  including  database  and  middleware,]^ 
writes  Katherine  Egbert,  an 
analyst  at  Jefferies  &  Company, 
in  a  research  note  on  Red  Hat 
issued  last  Friday  The  move, 

Egbert  says,  “is  perhaps  the  fallout  from 
an  attempt  by  Red  Hat  and  Oracle  to 
work  more  closely  together!’ 


IT  spending  down 

■  Forrester  Research  projects  U.S.  IT  spend¬ 
ing  in  2006  to  fall  short  of  previous  expecta¬ 
tions  and  next  year’s  results  to  be  even  weak¬ 
er.  Forrester,  which  bases  its  spending  forecasts  partly 
on  data  distributed  by  the  U.S.  Department  of 
Commerce,  reports  that  adjusted  spending  figures 
from  the  government  for  2004  and  2005  investments 
have  forced  Forrester  to  lower  its  expectations  for 
spending.  For  instance,  the  Commerce  Department 
lowered  its  figures  on  investment  in  overall  IT  by  $35 
billion  in  2005  and  $15  billion  in  2004.  PI  us,  slow¬ 
downs  in  spending  among  leading  global  IT  vendors 
through  this  year’s  first  two  quarters  —  another  mea¬ 
sure  Forrester  uses  to  project  overall  spending  — 
indicate  a  spending  stall  going  forward. 


TheGoodTheBadTheUgly 

Lap  <  The  greatest  wireless 
device  or  them  all.  say  happy 

50th  anniversary  to  the  remote  control,  which 
Zenith  introduced  as  the  Space  Command  in  1956.  Robert 
Adler  led  a  team  that  developed  the  ultrasonic  device. 
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“We  think  spear  phishing 
attacks  will  become  more 
prevalent  as  phishers  are  more 
able  to  harvest  publicly  avail¬ 
able  information  to  personalize 
each  attack. . .  .This  kind  of 
attack  will  be  more  dangerous 
than  what  we’re  seeing  today.” 

Jacob  Ratkiewicz,  University  of  Indiana  researcher 

See  story  at  www.nwdocfinder.com/5781 

Spamhaus  keeps  domain  name 

■  A  U.S.  judge  has  denied  an  order  that  would  have 
suspended  the  domain  name  for  The  Spamhaus 
Project,  averting  a  potential  quagmire  over  how  U.S. 
legal  rulings  apply  across  the  global  Internet. 
Spamhaus,  a  group  of  computer  security  experts 
based  in  London,  creates  a  database  used  by  security 
vendors  to  block  unsolicited  bulk  e-mail.  Last  month, 
an  e-mail  marketing  company  e360  Insight,  won  an 


EMC  layoffs  loom.  Even  as  EMC  expands 
beyond  network  storage  technology  into  security,  vir¬ 
tualization  and  content  management,  it  is  preparing  to 
cut  as  many  as  1,250  jobs  in  the  wake  of  21  acquisitions  made 
over  the  past  three  years.  The  company's  workforce  has  grown 
from  17,500  to  31,000  during  that  time.  Middle  managers  will  be 
targeted,  but  R&D  and  customer-facing  positions  will  be  largely 
spared,  the  company  says. 

At  last,  an  honest  vendor,  we  got  a  pitch  last  week 

inviting  us  to  speak  to  the  president  of  a  previously  secretive  business 
intelligence  software  company  emerging  from  "steal  mode."  Yeah,  we 
know  what  they  meant,  but  it's  still  funny. 

$11.7  million  judgment  against  Spamhaus  in  U.S. 
District  Court,  Northern  District  of  Illinois.  The  ruling 
also  called  for  Spamhaus  to  remove  e360  from  its 
blacklists.  Spamhaus,  which  has  been  sued  in  the 
United  States  several  times,  typically  ignores  the  rul¬ 
ings.  It  says  U.S.  courts  do  not  have  jurisdiction  over  it 
because  the  group  is  based  in  the  United  Kingdom. 
Spamhaus  maintains  that  e360’s  e-mail  constitutes 
spam  and  violates  U.K.  law.  The  U.S.  lawsuits  against 
Spamhaus  typically  end  there,  but  earlier  this  month 
e360  raised  the  stakes.  On  Oct.  6  it  asked  the  U.S.  court 
to  force  the  Internet  Corporation  for  Assigned  Names 
and  Numbers  and  Spamhaus’  domain  registrar, 
Tucows,to  suspend  its  domain  name. 

Study:  State  e-recycling  wasteful 

■  The  lack  of  a  nationwide  e-waste  program  in  the 
United  States  will  cost  taxpayers  millions  of  dollars  as 
states  duplicate  efforts,  according  to  a  study  released 
last  week.  Four  states  that  have  begun  e-waste  pro¬ 
grams  to  recycle  electronic  equipment  will  generate 
$25  million  a  year  in  “dead  weight”  costs  such  as  re¬ 
dundant  program  administration,  enforcing  manufac¬ 
turer  and  retailer  compliance,  and  excluding  out-of- 
state  waste  from  the  state’s  program,  said  the  study  by 
the  National  Electronics  Recycling  Infrastructure 
Clearinghouse.  Electronics  manufacturers  and  retail¬ 
ers  would  pay  $1 1.4  million  of  those  costs,  while  state 
governments  would  pay  $4.4  million.  California,  Mary¬ 
land  and  Maine  have  begun  recycling  computer  hard¬ 
ware  and  other  electronics  equipment,  and  Washing¬ 
ton  is  scheduled  to  implement  a  program  by  January 
2009.  If  20  states  adopt  e-waste  programs,  the  redun¬ 
dant  cost  to  taxpayers  would  be  $125  million  a  year. 


“I’m  sorry,  sir,  we ’ve  sold  out 
of  this  model,  but  I  can  sell 
you  the  demo  model  for  a 
third  of  the  price.  The  down¬ 
side  is  it’s  100  times  the  size. ' 


Ron  Eck  wins  our  latest  Weekly  Caption  Contest.  Join  us  each  Monday  for  the  start 
of  a  new  round,  www.networkworld.com/weblogs/layer8 


row  iJEF 


>'■  *  •  '  * 


vvv vvvvvvyv 


Of  course  we  can  sell  you  new  servers. 

(Better  yet,  we  can  custom  configure  them  too.) 


Not  only  is  CDW  a  resource  for  great  technology,  we  also  offer  extensive  custom  configuration  services  to 
get  your  systems  up  and  running  quickly.  It's  all  meant  to  save  you  time,  money  and  valuable  resources.  So 
the  next  time  you  need  configuration  services,  turn  to  the  experts.  Turn  to  CDW. 


Configuring  Your  System,  To  Your  Specs 

Every  day,  2,100  systems  are  custom  configured  as  we  make  use  of  our 
24,000-sqaure  foot  state-of-the-art  configuration  center. 


Imaging  Any  Way  You  Need  It 

Save  time  and  resources  by  having  us  preload  third-party  software,  as  well 
as  transfer  any  customized  OS  or  software  setting  to  new  computers. 


Tracking  Technology  Assets 

CDW  can  tag  all  of  your  assets,  then  provide  your  company  with  a  customized 
extranet  to  identify  and  track  products  quickly  and  easily. 


Restoring  Disks  and  Peace  of  Mind 

We  help  you  avoid  disaster  before  it  hits  by  creating  custom  restore  disks  to 
ensure  rapid  backup  in  emergency  situations. 


The  Right  Technology.  Right  Away, 


CDW.com  •  800.399.4CDW 


©2006  CDW  Corporation 
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From  our  online  forums 

m  Overspending  on  UP 

Gartner  predicts  IT  will  over¬ 
spend  by  billions  of  dollars  on 
software  and  equipment  over 
the  next  few  years.  One 
NetworkWorld.com  user  won¬ 
ders  who  will  come  out  with  a 
survey  showing  how  IT  is  over¬ 
spending  on  consultants:  “Net¬ 
working  equipment  companies 
create  new  technology  so  IT 
will  purchase  it.  Gartner’s  moti¬ 
vations  are  not  more  nobler, 
they  are  in  it  for  a  profit  as  well. 
The  bottom  line  is  Gartner  is 
throwing  out  a  sensational 
headline  to  get  attention  to 
their  consulting  and  research 
services."  Your  thoughts? 
www.nwdocfinder.com/5752 

■  Halloween  costume 
contest  winner.  The  verdict 
is  in  and  we  have  a  winner. 
Check  out  his  fancy  duds. 
www.nwdocfinder.com/5753 

■  Carriers  and  spam. 

Columnist  Daniel  Briere  wrote 
recently  that  carriers  should  be 
doing  more  to  stop  spam.  User 
huntington6,  however,  finds  that 
a  slippery  slope:  “Once  we 
hand  the  content-censor  baton 
to  ISPs,  why  stop  them  at 
e-mail  content?  What  about  all 
that  other  trashy  content,  over 
on  the  Web  and  Usenet  sides, 
as  well?  I  share  Mr.  Briere's  dis¬ 
like  for  spam.  But,  absent  a 
benevolent,  fair-minded  censor, 
I'd  fear  us  going  there. 
www.nwdocfinder.com/5754 

■  Apple’s  virus-laden 

iPods.  User  Ron  is  amused 
to  read  that  Apple  blames 
Windows  vulnerabilities  for  a 
virus  on  a  small  number  of 
new  iPods:  “So  does  this 
mean  that  if  iPod  were  not 
Windows  compatible  they 
would  have  left  it  on  there 
because  it  doesn’t  affect 
Macs?  Very  cheap  shot  of 
them  to  try  to  blame  Windows 
for  a  product  they  didn't  prop¬ 
erly  test.’  www.nwdocfind 
er.com/5755 

■  McDonald’s  spyware¬ 
laden  MP3  players.  Ron  is 

also  amused  by  a  report  that 
McDonald's  in  Japan  gave 
away  MP3  players  infected 
with  spyware. 

www.nwdocfinder.com/5756 
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FOLLOW  THESE  LINKS  TO  MORE  RESOURCES  ONLINE 


BL060SPHERE 

Accessible  Web  sites 

Plus:  A  report  on  Ms.  Dewey,  and  is  the  soup  at  its  boiling  point? 


Accessible  Web  sites.  On  her  Tech  Exec  blog, 
columnist  Linda  Musthaler  discusses  ways  to 
make  Web  sites  readable  by  people  with  visual 
handicaps  —  and  why  it  matters.  She  quotes 
from  a  reader  who  tells  her, “Doing  the  right  thing 
in  spite  of  splitting  hairs  with  what  is  law  and 
what  is  not  is  the  right  way  to  go.” 
www.nwdocfinder.com/5764 

Sassy  search.  On  Compendium,  Executive 
Editor  Adam  Gaffin  reports  on  Ms.  Dewey,  a 
Flash-based  search  engine  that  lets  you  interact 
with  a  sultry  search  siren  sitting  in  a  Max 
Headroom-like  environment:  “If  you  call  her  up 
and  then  don’t  actually  ask  her  anything,  she’ll 
get  impatient  and  bend  over  her  counter  and 
rap  on  your  monitor  screen,  or  just  pout, or  plead 
with  you  to  ask  her  something  so  she  can  learn 
more  and  take  over  the  world.  Or  something. 
When  you  finally  break  down  and  do  ask  her  a 
question,  she’s  actually  pretty  slow  in  getting 


results,  but  you  might  not  care  (for  added  fun, 
ask  her  to  take  her  clothes  off).” 

www.nwdocfinder.com/5765 

Too  many  cooks  spoil  the  hot  soup?  On 

Buzzblog,  Paul  McNamara  wonders  about  hot 
soup.com,  which  promises  to  provide  a  forum 
for  people  such  as  Bill  and  Hillary  Clinton, 
Lance  Armstrong  and  Jon  Bon  Jovi:  “Based  on 
what  I’ve  read  about  the  enterprise,  it  seems  like 
MySpace  meets  Wikipedia  meets  The  Huffington 
Post  meets  Free  Republic  meets  Digg:This  isn’t  a 
mashup,  it’s  more  like  a  train  wreck  waiting  to 
happen  —  at  least  sight-unseen.” 
www.nwdocfinder.com/5766 

The  next  Google  killer?  The  Alpha  Doggs  sniff 
out  a  new  search  engine,  called  Powerset,  that 
uses  natural-language  search  queries.  (So,  sort  of 
like  Ask  Jeeves  once  promised,  only  better?) 

www.nwdocfinder.com/5767 


Hot  Seat  interviews,  the  coolest  tools,  and  more 


Hot  Seat: 
Rogue 
squadron. 

Mazu  CEO 
Paul  Brady 
talks  with  John  Gallant 
about  internal  security 
methods  that  go  beyond 
firewalls  and  intrusion- 
prevention  systems. 
www.nwdocfinder.com/5776 


Cool  Tools: 

Makin’ 
copies. 

Keith 
Shaw 

impresses  the  marketing 
department  with  the  Bravo 
SE  Disc  Publisher  from 
Primera,  which  quickly 
duplicates  and  prints  multi¬ 
ple  copies  of  CD  or  DVD 
content. 

www.nwdocfinder.com/5775 


Twisted  Pair: 

Podcast. 

Jason 
Meserve 
and  Keith 
Shaw  chat  about  several 
Microsoft  security  issues 
and  whether  IT  managers 
are  better  off  at  small  or 
large  companies,  and  try  to 
diagnose  the  symptoms  of 
Internet  addiction. 
www.nwdocfinder.com/5777 


ASK  THE 

HELPDESK  Find  the  answers  to  these  prickly  problems  online. 

This  week:  Building  a  wireless  network  inside  a  steel  cage. 


Help  desk  guru  Ron  Nutter  helps  a  user  build 
a  wireless  network  inside  a  steel  cage. 

Help  Desk  response: 
www.nwdocfinder.com/5757 


Security  newsletter  writer  M.E.  Kabay  shows 
how  to  ferret  out  image  forgeries. 

Help  Desk  response: 
www.nwdocfinder.com/5759 


Analyst  Robin  Gareiss  explains  the  need  for 
chief  branch  officers. 

Help  Desk  response: 
www.nwdocfinder.com/5758 


Storage  newsletter  writer  Mike  Karp  examines 
the  need  for  protective  software  for  legal 
issues.  Help  Desk  response: 
www.nwdocfinder.com/5760 


BEST  OF  NW’S 

NEWSLETTERS 

Ping  and 
Tracert:  We 
lose,  the 
hackers  win 

Plus:  What  NetWare 
users  hate  about 
Linux. 

Wide-area  networking:  Ping 
is  a  command  that  was  designed 
—  and  used  for  many  years  — 
to  confirm  communication  with 
and/or  round-trip  latency  to  an 
IP  address  or  URL,  but  because 
of  hackers  exploiting  the  com¬ 
mand  to  launch  denial  of  ser¬ 
vice  attacks,  ping  is  useless  as  a 
management  tool.The  same  with 
tracert.  Analysts  Steve  Taylor  and 
Larry  Hettick  explain. 
www.nwdocfinder.com/5768 

Wireless  in  the  enterprise: 

For  optimum  security  and  scala¬ 
bility  its  desirable  to  automate 
the  process  of  disabling  rogue 
Wi-Fi  devices  discovered  by  your 
wireless  intrusion  detection/pre¬ 
vention  system.  However,  you 
also  must  avoid  unlawful  disrup¬ 
tion  of  other  operators’ Wi-Fi  net¬ 
works.  Newsletter  author  Joanie 
Wexler  discusses  how  striking  a 
balance  can  be  tricky 
www.nwdocfinder.com/5769 

Service  provider  news 
report:  How  much  business  is 
your  Web  site  losing  to  cyber¬ 
squatters,  typos,  logo  misuse  and 
other  online  threats?  VeriSign 
says  it  can  help  companies  find, 
prioritize  and  resolve  these 
threats  quicker  with  a  new  ser¬ 
vice.  Senior  Editor  Carolyn  Duffy 
Marsan  reports. 

www.nwdocfinder.com/5770 

Novell  NetWare  tips:  Novell 
NetWare  Tips  newsletter  reader 
krazy  kiwi  wrote  to  author  Dave 
Kearns  with  10  reasons  why 
Linux  may  not  be  the  favorite 
operating  system  of  the  NetWare 
fan  base. 

www.nwdocfinder.com/5771 

Free  e-mail  newsletters 

Sign  up  for  any  of  more  than  40 
newsletters  on  key  network  topics. 

www.nwdocfinder. com/1 002 
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I  am  the  shepherd  of  resources. 
The  ringleader  of  processes. 

The  conductor  of  an  inventory 
in  transit  across  three  continents 


This  is  my  world 


I  ..  JmWWm 

My  world  runs  on 
Dynamic  Networking.  " 


The  World  According  To  Stephen 

Dynamic  Networking  from  AT&T  enables  converged  communications  across 
locations  worldwide.  By  proactively  identifying  changes  in  traffic  volume  and 
responding  in  real  time,  Stephen's  network  can  move  resources  more  efficiently, 
and  securely.  Learn  how  Dynamic  Networking  can  enable  your  business. 


The  new 


att.com/networking 
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EMC  to  roil  out  virtual  tape  libraries 


BY  DENI  CONNOR 

EMC  next  week  plans  to  roll  out 
three  new  virtual  tape  library 
appliances  that  back  up  data 
faster  and  have  greater  capacities 
than  previous  Clariion  disk 
libraries,  letting  customers  back 
up  more  data  faster  to  disk. 

EMC  also  is  expected  to  preview 
a  new  version  of  its  high-end 
Symmetrix  DMX-3  storage  array 
The  DMX-3  950  is  an  entry-level 
array  for  this  platform.  The  com¬ 
pany  also  plans  to  preview  new 
iSCSI  and  Fibre  Channel  connec¬ 
tivity  for  its  midrange  Clariion 
arrays  and  new  Navisphere  soft¬ 
ware  for  the  Clariion  that  lets  IT 
administrators  set  QoS  levels.  EMC 
also  is  set  to  preview  new  models 
of  its  network-attached  storage 
Celerra  NSX  and  NS  Series. 

EMC  declined  to  comment  on 
the  announcements. 

According  to  company  docu¬ 
ments  obtained  by  Network 
World,  the  DL4000  Series  has 
twice  the  performance  and 
capacity  of  the  previous  EMC 
CDL.The  DL4000  Series  consists  of 
three  models,  which  will  replace 


the  current  DL710,  DL720  and 
DL740.  The  new  DL4100,  DL4200 
and  DL4400  are  priced  as  much 
as  10%  lower  than  the  DL700 
series  appliances. 

Each  model  of  the  DL4000 
Series  has  4Gbps  Fibre  Channel 
and  uses  EMC’s  UltraScale  archi¬ 
tecture,  which  consists  of  PCI- 
Express  technology  to  sustain 
high  bandwidth  and  low  latency. 
The  DL4000  Series  joins  EMC’s 
low-end  DL210,  which  has  a  total 
capacity  of  24TB. 

Each  DL4000  Series  appliance 
consists  of  an  Intel  controller,  12 
4Gbps  Fibre  Channel  ports  and 
six  Gigabit  Ethernet  ports,  con¬ 
nected  to  Clariion  CX3-80  storage 
arrays  via  a  QLogic  host  bus 
adapter.  The  DL4100  and  DL4200 
perform  at  up  to  1,100Mbps;  the 
DL4400  performs  at  speeds  as  fast 
as  2,200Mbps. 

“Obviously  there  is  more  data 
that  needs  to  be  stored  for  longer 
periods  of  time;  we  need  large- 
capacity  storage  systems  to 
address  the  needs  for  consoli¬ 
dated  and  tiered  storage,”  says 
Greg  Schulz,  senior  analyst  for 


Virtual  reality 

EMC’s  new  virtual  tape  library  appliances  are  twice  as  big  and  fast  as  its  DL700  Series. 


Features 

DL210 

DL4100 

DL4200 

DL4400 

Maximum  capacity 

24TB 

170TB 

170TB 

340TB 

Write  performance 

380M  bytes/sec 

1.100M  bytes/sec 

1.100M  bytes/sec 

2.200M  bytes/sec 

Emulation  engine(s) 

Single 

Single  with  standby  option 

Dual  with  Active  Engine 
Failover 

Dual  with  Active 
Engine  Failover 

Front-end/back-end  ports 

Three 

Eight 

16 

16 

Maximum  virtual  tape  libraries 
supported 

16 

128 

256 

256 

Maximum  virtual  tape  drives 
supported 

64 

1,024 

2,048 

2,048 

Maximum  virtual  tape  cartridges 
supported 

4,096 

64,000 

128,000 

128,000 

StoragelO/'If  you  look  at  the  VTL 
market, it  continues  to  grow  —  as 
organizations  adopt  VTL  technol¬ 
ogy,  it  only  makes  sense  to  have 
bigger  and  larger  VTL  configura¬ 
tions  with  more  capacity  and 
controllers.” 

The  DL4100,  a  single  Intel  con¬ 
troller  version,  tops  out  at  170TB 
and  1,024  virtual  tape  drives.  The 


DL4200  also  has  a  maximum 
capacity  of  1 70TB,  but  unlike  the 
DL4100  it  has  two  controllers.  The 
DL4400  has  a  maximum  capacity 
of  340TB  and  can  support  as 
many  as  2,045  virtual  tape  drives. 

All  models  in  the  DL4000  Series 
support  DL  Copy,  Automated 
Control  System  Library  Server 
software  for  Sun/StorageTek  tape 


Lottery  group  bets  on  mgmt  appliance 

Multi-State  Lottery  Association  puts  its  money  on  Jumpnode  Systems’  hosted  services. 


BY  DENISE  DUBIE 

The  network  managers  behind 
the  organization  responsible  for 
doling  out  Fbwerball  and  Lotto 
numbers  across  about  31  states 
don’t  want  to  take  any  chances  on 
their  network-monitoring  tools. 

The  Multi-State  Lottery  Asso¬ 
ciation  this  year  is  betting  on  a 
management  start-up  (www.nw 
docfinder.com/5782)  that  deliv¬ 
ers  its  product  via  a  management 
appliance  and  a  set  of  hosted 
reporting  and  analysis  services. 

That’s  why  Sean  Lair,  technical 
adviser  to  the  director  at  the 
Multi-State  Lottery  Association  in 
Urbandale,  Iowa,  upgraded  his 
network-management  system  in 
March  to  a  “more  resilient  prod¬ 
uct”  from  newcomer  Jumpnode 
Systems. 

Founded  in  2004,  Jumpnode  couples  hosted 
management  services  with  an  appliance  that 
resides  in  the  customer  network,  and  distrib¬ 
utes  its  products  through  resellers  and  man¬ 
aged  service  providers.The  company  which  in 
June  garnered  more  than  $5  million  in  fund- 


Profile:  Jumpnode  {Systems 


Founded: 

Headquarters: 

Primary 

business: 

Investors: 

Management 

team: 


Origins  of 
company  name: 


July  2004 
Minneapolis 

Develops  IT  systems  and  network  management  tools,  using  an 
architecture  that  combines  preconfigured  plug-and-play  hardware 
appliances  with  software  delivered  as  a  hosted  service. 

S5.1  million  in  funding  from  Apple  Core  Holdings  and  Opticality 
Ventures  in  June  2006. 

Irfan  Khan,  president,  CEO  and  co-founder,  previously  co-founded 
Agosto,  an  infrastructure  and  operations  outsourcing  firm;  Rick 
Baker,  interim  COO,  general  counsel  and  co-founder,  previously 
oversaw  worldwide  strategy  and  operations  for  HB  Fuller  Company; 
Rob  Bajorek,  director  of  technology,  previously  worked  as  senior 
systems  engineer  at  ING  Financial  Services. 

From  an  original  concept  that  the  product  interface  should  be 
almost  game-like  —  it  should  be  so  easy  to  use  that  you  would 
jump  to  use  it.  The  term  “node"  refers  to  the  boxes. 


ing  from  Apple  Core  Holdings  and  Opticality 
Ventures,  uses  an  appliance  model  similar  to 
that  of  fellow  start-up  Kace.  Lair  says  that 
appealed  to  him,  because  he  is  short  on  staff 
and  doesn’t  have  the  time  to  patch,  maintain 
and  upgrade  software. 


“In  our  environment,  uptime  and 
availability  is  so  very  important, 
and  while  we  had  other  tools  in 
place  that  worked,  we  wanted 
something  that  could  do  more 
trending  and  reporting,  and  that 
was  very  resilient, ”he  says. 

Lair  had  been  depending  on 
Ipswitch’s  WhatsUp  Gold  software 
to  keep  network  and  Web  site  ser¬ 
vices  available  and  working 
smoothly  for  some  31  state  lottery 
groups.  The  software  worked,  but 
required  more  maintenance  and 
updating  than  he  wanted  and  did¬ 
n’t  do  enough  reporting  and 
analysis  for  capacity  planning 
across  the  multiple  Web  sites  his 
organization  hosts  for  member  lot¬ 
teries.  Like  fellow  newcomer  Klir 
Technologies,  Jumpnode  provides 
and  performs  the  analytics  that 
time-  and  budget-strapped  network  managers 
can’t  always  do. 

An  existing  vendor  proposed  Jumpnode’s 
appliance-based  product  set,  which  features 
various  connectivity  options  that  Lair  found 

See  Lottery,  page  79 


libraries,  Active  Engine  Failover, 
Legato  NetWorker  Node  Man¬ 
ager  and  the  Symantec  Net- 
Backup  Media  Server  software. 
DL  Copy  lets  administrators  repli¬ 
cate  data  between  local  or 
remote  locations. 

EMC’s  consolidated  media  man¬ 
agement  software  lets  customers 
manage  both  virtual  and  physical 
tape  pools  via  a  single  application 
interface.  Operation  of  the  Disk 
Library  is  integrated  with  the 
NetWorker  and  NetBackup  soft¬ 
ware  and  supports  cloning  of  vir¬ 
tual  to  physical  tapes  locally  or 
over  distance. 

New  software  capabilities  with 
the  DL4000  Series  include  the 
ability  to  manage  as  many  as 
eight  EMC  disk  libraries,  support 
for  twice  the  number  of  emulated 
virtual  tape  libraries  and  drives, 
and  enhanced  IP  replication 
capabilities. 

EMC’s  CDLs  compete  with 
those  from  Network  Appliance, 
IBM  and  Sun. Unlike  EMC’s  4Gbps 
performance,  IBM,  HP  and  Sun 
provide  2Gbps. 

Pricing  is  not  yet  available  for 
the  new  DL4000  Series  appli¬ 
ances,  which  are  expected  to  be 
available  in  November.  ■ 


nww.com 

Up-to-date  storage  wares 

The  Storage  Buyer's  Guide  outlines  the 
competition  in  markets  where  EMC  plays. 

www.nwdoGfinder.com/5773 


Today,  Carlo  restored  a  failed  router  in  Miami, 
rebooted  a  Linux  server  in  Tokyo,  and 
remembered  someone’s  very  special  day. 


With  Avocent  centralized  management  solutions,  the  world  can  finally  revolve  around  you.  Avocent  puts  secure 
access  and  control  right  at  your  fingertips  -  from  multi-platform  servers  to  network  routers,  your  local  data  center  to  branch 
offices.  Our  “agentless"  out-of-band  solution  manages  your  physical  and  virtual  connections  (KVM,  serial,  integrated  power, 
embedded  service  processors,  IPMI  and  SoL)  from  a  single  console.  You  have  guaranteed  access  to  your  critical  hardware 
even  when  in-band  methods  fail.  Let  others  roll  crash  carts  to  troubleshoot  -  with  Avocent,  trouble  becomes  a  thing  of  the 
past,  so  you  can  focus  on  the  present. 


Visit  www.avocent.com/special  to  download  Data  Center  Control: 


Avocent,  the  Avocent  logo  and  The  Power  of  Being  There  are  registered  trademarks  of  Avocent  Corporation.  All 
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airs 
all-in-one 
net  access 
client 

BY  PHIL  HOCHMUTH 

Cisco  last  week  launched  net¬ 
work  access-client  software  that 
gives  users  a  single-logon  inter¬ 
face  for  attaching  to  wired,  wire¬ 
less  or  remote-access  networks. 

The  Secure  Services  Client  4.0 
combines  several  network  access 
technologies  into  a  single  piece 
of  software,  giving  customers  the 
same  interface  for  corporate  net¬ 
work  access.  Cisco  says  the  soft¬ 
ware  makes  network  administra¬ 
tion  and  access  management 
easier  by  reducing  the  number  of 
user  client  applications  that  need 
to  be  distributed  and  supported. 

The  4.0  release  aggregates  a 
range  of  network  access  proto¬ 
cols  and  connection  methods, 
including  802. IX  —  a  protocol 
for  authenticating  users  to  a 
network  device  or  port,  as  well 
as  several  versions  of  the 
Extensible  Authentication  Pro¬ 
tocol.  For  wireless  access,  the 
Wired  Equivalent  Privacy  and 
Wi-Fi  Protected  Access  proto¬ 
cols  also  are  supported.  Data 
encryption  using  Temporal  Key 
Integrity  Protocol  and  Ad¬ 
vanced  Encryption  Standard 
technology  are  supported. 

The  client  software  works  with 
Cisco’s  Secure  Access  Control 
Server  —  a  network  access  man¬ 
agement  platform  and  authenti¬ 
cation  server  —  and  with  Cisco’s 
Network  Admission  Control 
architecture,  which  provides  user 
device  scanning  and  authen¬ 
tication  services  for  PCs,  laptops 
and  other  machines  attempting 
to  access  a  network. 

The  Secure  Services  Client  is  a 
desktop  and  notebook  PC  appli¬ 
cation  that  handles  identity- 
based  management  of  the  device 
and  its  user,  controlling  access  to 
the  corporate  network.  Network 
administrators  can  create  secu¬ 
rity  profiles  for  users  or  devices, 
group  them,  and  then  grant  or 
deny  access,  says  Chris  Kozup, 
manager,  mobility  solution,  with 
Cisco’s  wireless  business  unit. 

The  Secure  Services  Client  is 
based  on  technology  Cisco 
bought  in  July  from  Meeting¬ 
house  Data  Communications  for 
$43.7  million.  ■ 


New  Extreme  CEO  speaks  out 


When  a  former  server/ storage  execu¬ 
tive  takes  over  a  network  company, 
everyone  expects  change.  This  process 
is  happening  at  Extreme  Networks, 
where  new  CEO  Mark  Canepa  started 
in  August  after  a  stint  as  the  executive 
vice  president  of  Sun’s  data  manage¬ 
ment  group.  He  spoke  with  Network 
World  Senior  Editor  Phil  Hochmuth  about  his  plans  for 
Extreme,  how  he  will  compete  with  Cisco  and  the  conver¬ 
gence  of  data  center  technologies.  The  following  is  an 
edited  transcript. 

What  are  your  priorities  as  CEOP 

What  I’m  going  to  focus  on  at  least  for  the  first  few  quarters  are 
operational  kinds  of  things.The  company  is  focused  on  doing  a 
lot  of  different  things  for  its  size.  So  the  first  order  of  business  is 
really  to  do  some  market  segmentation.  It’s  a  $55  billion  Ethernet 
IP  market.  We’re  a  $400  million  revenue  [com¬ 


panies  and  then  EMC.  In  the  network  space,  there’s  a  lot  more 
pure  play  Cisco  is  Cisco  of  course.  With  a  company  like  Extreme, 
you  don’t  have  a  whole  [group]  of  other  businesses  [like  Cisco] . 
What  you’ve  got  is  nimbleness.  What  a  company  like  Extreme  can 
do  that  a  company  like  Cisco  can’t  is  to  move  quickly  and  be 
nimble. . .  .There  are  some  things  big  companies  can  do  and  they 
do  very  well.  So  when  you’re  in  a  company  this  size,  you  have  to 
realize  what  big  companies  can  do  very  well  and  just  don’t  do 
those  things. Then  find  out  what  big  companies  can’t  do  and  act 
quickly  to  do  those  things.  And  that’s  the  trick. 

Is  wireless  the  right  business  for  Extreme  to  be  in?  Gan  it  be  a  leader  in 
wireless  LANs? 

That’s  an  interesting  question.  If  you  look  at  the  wireless  market, 
it’s  about  a  $1  billion  market. You  could  equate  it  a  bit  with  sell¬ 
ing  optics.  It’s  a  connectivity  technology  So  we’re  going  to  have  to 
explore. There  are  two  ways  to  think  about  this.  One  is  the  pure 
technology  aspect:  do  you  want  to  be  in  the  business  of  develop¬ 
ing  the  hardware,  the  software,  the  sheet  metal?  The  other  is  at 
the  systems  level.  If  you  are  going  to  be  a  provider  of  sophisti¬ 
cated  enterprise  access  technology,  wireless  is 
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make  sense  and  then  let’s  really  throw  the 
whole  company  behind  them. 

We  have  the  luxury,  being  our  size,  to  pick 
some  spots.  When  you’re  this  kind  of  size, 
whatever  you  choose  to  do,  you’d  better  be 
the  best  at  it.You  have  to  punch  through 
whatever  the  big  guys  are  trying  to  do. That’s  going  to  be  the 
game  plan  over  the  next  couple  of  quarters.  Get  the  revenue 
stream  headed  in  the  right  direction;  get  that  stuff  headed  in  the 
right  direction  and  then  take  it  from  there. 

Was  Extreme  heading  in  the  wrong  direction  prior  to  you  coming  in? 

I  don’t  bring  any  preconceived  notions  either  from  being  inside 
this  company  or  from  the  network  industry  [itself]. I’m  not  a  net¬ 
working  guy  per  se,  I’m  a  computer  guy;  I’ve  been  plugging  things 
into  the  network  most  of  my  life.  I’ve  been  building  products  into 
the  network,  so  to  me  the  network  is  always  something  that’s  sit¬ 
ting  right  next  to  you.  But  I  don’t  really  come  at  this  with  a  lot  of 
preconceived  notions.  So  it’s  going  to  be  a  pretty  pragmatic 
approach  to  figure  out  what  are  our  core  competencies  and 
what  is  the  differentiation  we  are  trying  to  create.  And  what  is  the 
true  value  that  differentiation  generates?  That’s  the  pretty  basic 
question  I’m  asking  [everyone  at  Extreme]. 

So  the  challenge  is  really  that.  Let’s  take  the  wishes  away  from 
this.  Let’s  just  be  pragmatic,  and  if  it  makes  sense  it  makes  sense. 
But  let’s  not  delude  ourselves  about  what  makes  sense. 

How  will  competing  against  Cisco,  Nortel  and  others  in  the  network  mar 
ket  differ  from  competing  against  EMC,  IBM  and  HP  in  storage? 

You  have  to  attack  it  differently  If  you’re  a 
Sun,  a  big,  integrated  systems  company,  you  ^ mmm 

have  lots  of  different  things.  Sun’s  brand  strat¬ 
egy  was  built  around  Sparc  and  Solaris.The 
real  primary  job  was  to  take  care  of  a  piece  of 
a  system;  you  have  a  big  installed  base  and  a 
big  demand-creation  machine  on  the  server 
operating  system  side.  And  half  of  your  business 
is  simply  caring  for  that. 

You  had  EMC,  but  they  were  third  in  size  after 
IBM  and  HP  So  you  have  three  integrated  com- 
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More  from  the  interview 

Read  a  full  version  from  our  conversation 
with  Extreme  Networks  CEO  Mark  Canepa. 

www.nwdocfinder.com/5746 


offer  things  like  access  control  and  security 
Wireless  is  a  veritable  pool  of  viral  infection. 
It’s  a  great  way  for  hackers  to  get  into  a  com¬ 
pany;  it’s  all  over  the  place  and  you  can’t  con¬ 
trol  anything.  A  customer  who  is  nervous 
about  running  wireless  is  going  to  be  asking  a 
lot  of  questions  about  security,  and  Extreme  can  be  the  kind  of 
sophisticated  company  that  can  come  in  and  help  them.  So  we 
need  to  distinguish  a  wireless  [business]  from  the  bits-and-bytes 
[development] ,  from  wireless  as  a  piece  of  the  enterprise  [puz¬ 
zle].  We  may  end  up  with  different  answers. Within  the  next  few 
months  [we’ll  figure  out  our  strategies  as  to  what  we  want  to  be 
involved  in] .  So  far  our  strategy  has  been  to  partner  on  a  lot  of 
the  technologies. 

Do  you  feel  advanced  switching  -  high-end,  high-speed  switching  -  is 
still  Extreme’s  core  competency?  Or  has  the  company  gotten  away 
from  that? 

At  first,  Extreme’s  core  competency  was  putting  Layer  3  technol¬ 
ogy  into  Layer  2-style  hardware  and  just  blowing  away  everyone 
with  speed.  But  in  practically  every  industry,  you  never  survive  on 
speeds  and  feeds.They  get  you  going,  but  pretty  soon  you’d  better 
start  being  in  the  business  of  solving  customer  problems.  And 
most  customer  problems  are  not  reflected  in  speeds  or  feeds.  It’s 
fun  to  watch  Intel.  It  used  to  be  microprocessors  were  all  about 
megahertz  and  gigahertz.  Now  [clock  speeds]  are  gone.  Now  it’s 
called  Duos,  Centrino  . . .  anything  but  megahertz  and  gigahertz. 
So  even  the  CPU  business,  which  was  governed  by  the  numbers 
of  speeds  and  feeds,  is  changing.That  doesn’t  mean  we’re  not 

going  to  be  right  there  to  ensure  that  our  prod- 
^ — — mm ucts  are  fast.  We  have  people  on  the  standards 
committees  for  100  Gigabit  Ethernet  and  dri¬ 
ving  all  of  that.  But  you  can’t  run  a  company 
purely  on  speeds  and  feeds.  At  one  level  yes, 
but  at  another  level  we’re  going  to  be  more  of 
a  broader  company,  focusing  on  how  we  can 
solve  customer  problems  —  problems  that  are 
application  driven.  Extreme  will  be  much 
more  focused  on  what  are  the  applications, 
and  how  can  we  make  them  run  better.  ■ 


SECURING  PRODUCTIVITY 


www.websense.com/security 


PWeb  Security 
Web  Filtering 
Endpoint  Security 
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.INFRASTRUCTURE  LOG 

_DAY  16:  These  servers  are  so  hot,  we’re  running  the  A.C. 
at  full  blast,  and  the  thermometer  is  still  pushing  140! 
Had  to  relax  the  dress  code  in  the  server  room.  No  choice. 
It’s  towels  and  flip-flops  until  we  get  this  heat  problem 
under  control. 

_Gil  says  he’s  lost  a  lot  of  weight.  I  hadn’t  noticed. 

_DAY  17:  I  found  a  cooler  answer  to  our  heat  problem: 
the  IBM  BladeCenter®  with  Intel®  Xeon®  Processors  reduces 
the  overall  amount  of  power  required  by  the  system.  The 
BladeCenter  is  designed  to  respond  automatically  to  power 
events  and  can  use  up  to  37%  less  energy!  Less  power. 
Less  heat.  Less  money.  Less  stress. 

_0h,  apparently  HR  had  a  problem  with  the  dress  code  but 
couldn’t  call  and  tell  us,  since  the  phones  had  melted. 


IBM.COM/TAKEBACKCONTROL/BLADE 
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Cisco 

continued  from  page  1 

expected  to  launch  this  week.The 
high  end  of  these  multicompo¬ 
nent  packages  has  three  65-inch 
high-definition  plasma  displays, 
an  appliance  that  combines  a 
high-resolution  IP  video  camera, 
echo  cancellation,  four-channel  IP 
audio-  and  IP  video-encoding 
hardware  and  software,  and  net¬ 
work  connectivity 
The  3000  system  even  includes  a 
specially  built  half  table,  designed 
to  look  like  a  large  oval  ring  when 
it’s  combined  with  the  plasma 
screens,  which  show  an  identical 
setting  on  the  other  side  of  the 
conference  room.  Cisco  also  has 
specifications  for  the  room’s  back¬ 
ground  color  and  lighting. 

“We’re  even  in  the  furniture  busi¬ 
ness  now,”  says  Randy  Harrell, 
director  of  product  marketing  for 
Cisco’s  Telepresence  group,  which 
is  one  of  the  company’s  Emerging 
Technologies  business  units. 

“This  is  not  something  you  really 
want  to  put  in  the  same  class  as 
videoconferencing,”  says  David 
Willis,  an  analyst  with  Gartner, 

“This  is  not 
something  you 
really  want  to  put 
in  the  same  class 
as  video- 
conferencing.’’ 

David  Willis,  analyst,  Gartner 


who  has  seen  Cisco’s  and  HP’s 
telepresence  offerings  “First  off,  it 
may  actually  work  in  displacing 
meetings.  Secondly  it’s  a  much 
bigger  investment  to  pull  it  off.” 

For  companies  willing  to  spend 
and  build  the  infrastructure  to 
support  telepresence,  however,  the 
experience  is  impressive,  he  adds. 
“If  [telepresence]  is  designed  and 
implemented  properly  you  really 
can  have  a  quality  meeting  with¬ 
out  any  second  thoughts  about 
the  tech  being  there." 

The  Telepresence  systems  come 
with  a  Cisco  CallManager  IP  tele¬ 
phony  server,  used  to  administer 
the  system  and  control  the  setup 
of  Telepresence  sessions.  The  in¬ 
room  interface  for  setting  up  a 
meeting  is  a  Cisco  IP  phone, 
attached  to  the  CallManager. 
Cisco  says  the  CallManager  plat¬ 
form  also  enables  integration  with 
Microsoft  Outlook  and  Lotus 


So  close,  yet  so  lor 

Cisco'sTelePresence  3000  system  is  meant  to  create  the  illusion 
of  a  face-to-face  conference  room  meeting  via  high-definition 
displays,  audio/video  conferencing  technology  and  some  visual 
tricks. 


•  The  Telepresence  3000  comes  with  Cisco's  CallManager  5.1  call  server,  which  is 
used  to  manage  sessions.  Meetings  are  controlled  via  a  Cisco  IP  phone. 

•  Cisco  now  is  in  the  furniture  business.  A  specially  designed  semielliptical  table  — 
that  seats  users  the  proper  distance  from  the  screen  —  is  part  of  the  package. 


Notes,  which  can  be  used  to 
schedule  room  times  and  send 
e-mail  or  voice  mail  reminders  to 
meeting  participants. 

Cisco  says  it  has  designed  a 
video  codec  that  compresses  the 
three  1080p  video  streams  and 
four  audio  channels  into  a  lOM-to- 
15Mbps  IP  data  stream.  Cisco  says 
the  system’s  network  latency  is  less 
than  250  millisec, which  is  the  limit 
for  perceptible  levels  of  network 
delay  for  images  and  video. 

The  company  has  identified  25 
channel  partners  including  Di¬ 
mension  NexusIS,  Presidio,  World 
Wide  Technology  and  others 
authorized  to  offer  the  Tele- 
Presence  systems,  which  include 
services  such  as  on-site  network 
assessments  to  ensure  the  data  in¬ 
frastructure  and  carrier  services 
can  support  the  technology 
(Cisco  describes  the  setup  of  the 
system  as  a  two-day  process.  Part¬ 
ners  AT&T  and  Verizon  provide 
bandwidth  services  for  Tele- 
Presence  systems,  based  on  metro 
Ethernet  last-mile  services,  and 
MPLS  core  services  for  transport.) 

Cisco  says  the  system  uses  stan¬ 
dard  protocols,  such  as  Session 
Initiation  Protocol  for  session  set¬ 
up  and  transport.  The  Interactive 
Connectivity  Establishment,  a  pro¬ 
posed  industry  standard  support¬ 
ed  by  Cisco  and  Microsoft,  lets  sep¬ 
arate  businesses  with  a  Tele- 
Presence  system  establish  Inter¬ 
net-based  connections  securely 
through  corporate  firewalls  with¬ 
out  adding  latency  to  the  traffic 
stream. 

Building  the  Telepresence  tech¬ 
nology  was  a  two-year,  multimil¬ 
lion  dollar  development  effort  in¬ 
volving  more  than  100  engineers 
—  about  40  of  whom  were  hired 
from  outside  the  company  Cisco 
says  all  system  components  were 
developed  and  built  in-house;  it 
had  to  hire  to  account  for  its  lack 
of  expertise  in  acoustics,  cameras 
and  high-definition  plasma  dis¬ 
play  manufacturing. 

Cisco’s  Telepresence  product 
will  compete  with  products  from 
traditional  video  conferencing 
vendors,  such  as  Polycom  and 
Tandberg,  which  have  gone  into 
telepresence  by  partnering  with 
high-definition  equipment  ven¬ 
dors.  The  competitor  Cisco  will 
most  likely  butt  up  against  is  HP 
with  its  Halo  telepresence  offer¬ 
ing,  which  was  launched  last  year 
and  has  more  than  60  installa¬ 
tions  with  12  customers. 

HP’s  Halo  approach  is  similar  to 
Cisco’s  —  oversized  plasma  TV 


screens  replace  people  at  a  con¬ 
ference  table,  and  real-time  inter¬ 
action  is  delivered  via  IP  audio 
and  video  streams.  HP’s  approach 
to  telepresence  is  more  service- 
focused,  however.  With  the  Halo 
Video  Exchange  Network  (HV- 
EN),  bandwidth  services  are  pro¬ 
vided  by  carrier  partners  selected 
by  HP  and  specific  to  the  regions 
where  Halo  customers  are  lo¬ 
cated.  A  larger  pipe  is  required  — 
a  dedicated  45Mbps  T-3  link. 
Rooms  cost  as  much  as  $425,000 
to  set  up  for  Halo,  and  an  $18,000 
per-month  service  fee  is  required. 
(HVEN  includes  language  inter¬ 
preter  services.)  Halo’s  video  dis¬ 
play  is  720p  in  resolution. 

The  system  supports  multipoint 
telepresence  meetings,  where  as 
many  as  three  locations  can  be 
linked  into  the  same  meeting  —  a 
capability  Cisco  says  it  will  have 
next  year. 

“We’re  trying  to  carve  out  a 
space  at  the  highest  end  of  the 
telepresence  market,”  says  Ken 
Crangle,  general  manager  of  HP’s 
Halo  business.  “Given  what  we 
wanted  to  do,  and  what  we  had  in 
terms  of  latency  and  quality  of  ser¬ 
vice  characteristics . .  .there  wasn’t 
really  a  way  to  do  that  over  the 
public  Internet.” 

Crangle  says  HP’s  proprietary 
codecs  and  protocols  and  ser¬ 
vice-based  approach  solve  the 
issues  of  linking  across  corporate 
security  boundaries  and  ensuring 


the  low-latency  bandwidth  the 
system  requires. 

“Telepresence  is  definitely  a 
cool  technology  and  I  do  think 
Cisco  and  HP  are  on  to  some¬ 
thing,”  says  Ellen  Daley,  an  ana¬ 
lyst  with  Forrester  Research,  who 
was  shown  a  demo  of  the  Cisco 
product.  “But  this  is  way  more 
costly  than  getting  a  standard 
video  conferencing  system  set 
up.  It  will  be  a  niche  technology 
for  those  top  executives  in  big 
enterprises,  who  feel  it  will  be  an 
investment  [not  just  to]  save  on 
travel,  but  to  promote  more  face- 
to-face  interaction.” 

Analysts  don’t  expect  telepres¬ 
ence  products  to  be  a  large- 
volume  business  for  Cisco. 

‘At  $250,000  a  site,  you  don’t 
have  to  sell  too  many  of  them  to 
have  a  good  business,”  Gartner’s 
Willis  says.  ■ 
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APC  solutions  that  carry 
the  " Blade-Ready "  Logo 
are  designed  to  handle  the 
demanding  network-critical 
physical  infrastructure 
requirements  of  high  density 
blade  server  applications. 


Now  you  can  quickly  deploy  a 
standard  or  high  density  site  of  any  size 
with  scalable,  top-tier  availability. 


Part 

Number 

Usable 

IT  Racks 

Maximum 
kW  per  Rack 

Price 
to  buy 

Price  to  lease 
(36  installments) 

ISXT120KHD1R 

1 

up  to  20kW 

$63,500* 

$1,999** 

ISXT130KHD1R 

1 

up  to  30kW 

$79,500* 

$2,499** 

ISXT130KHD2R 

2 

up  to  30kW 

$94,500* 

$2,999** 

ISXT150KHD2R 

2 

up  to  30kW 

$99,500* 

$3,099** 

ISXT140KHD3R 

3 

up  to  30kW 

$119,500* 

$3,799** 

ISXT180KHD3R 

3 

up  to  30kW 

$159,500* 

$4,999** 

ISXT150KHD4R 

4 

up  to  30kW 

$166,500* 

$5,199** 

All  multi-rack  configurations  feature: 

%/ N+l  power  and  cooling 
%/ Secure,  self-contained  environment 
%/ Peak  capacity  of  20kW  per  rack 
%/  Enhanced  service  package 
%/ Integrated  management  software 
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All  solutions  are  scalable  up  to  hundreds  of  racks. 
On-site  power  generation  options  start  at  529,999 


InfraStruXure "  Manager 


What  is 
data  center 
on  demand? 


Order  your  solution  today.  Call  888-289-APCC  x371 1. 

~ ”  ‘  “*”*  . . . . *'  . . . . . .  '  ~  .  T«n  Sup*  to  Solvli 

Visit  today  and  receive  FREE  APC  White  Papers 

Visit  us  online  and  download  APC  White  Papers. 

Don't  see  the  configuration  you  need? 

Try  APC's  online  InfraStruXure®  BuildOut  Tool  today  and  build  your  own  solution. 

Go  to  http://promo.apc.com  and  enter  key  code  p584x  Call  888-289-APCC  x371 1 


Infrastructure* 

DATA  CENTERS  ON  DEMAND 

Highly  available  and  manageable, 
quick-to-install,  scalable  architecture 
that  easily  supports  both  standard 
and  high  density  applications. 

-  Up  to  20kW  a  rack  for  any 
blade  server  application 

-  Unlimited  racks 

-  Ships  in  5  days*** 

-  Installs  in  I  day*** 

-  Optional  on-site  power 
generation 

-  Raised  floor  not  required 

-  Vendor  neutral  guaranteed 
compatibility 


InfraStruXure ®  can  be  purchased  as  a 
modular,  or  mobile  system 


InfraStruXure*  BuildOut  Tool 


*  Prices  do  not  include  IT  equipment  and  are  subject  to  change.  **  Indicative  rates  are  subject  to  market  conditions.  ***  Install  and  delivery  times  may  vary. 


Legendary  Reliability® 


Chamber  Doors 

Access  to  hot  aisle, 
locks  for  security 


BLADE 

READY' 
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In  Vista,  to  license  means  to  restrict’ 


NET  INSIDER 

Scott  Bradner 


Reading  software  licensing 
agreements  is  not  the  most  fun 
thing  1  can  think  of, but  sometimes 
a  columnist  has  to  forsake  fun. 

1  spent  time  doing  this  because 
of  some  press  stories  about  both¬ 
ersome  restrictions  in  the  new 
license  for  the  home  editions  of 
Windows  Vista.  It  turns  out  this 
license  is  quite  well  written  and 
only  a  little  strange  but  does  limit 
purchasers  in  a  couple  of  ways. 

It’s  been  a  long  time  since  I  read 


through  a  Microsoft  software 
license  so  I  do  not  know  when 
they  started  using  the  English  lan¬ 
guage  (rather  than  level-23  legal- 
ese),but  it  sure  is  a  nice  thing.This 
license  (www.nwdocfinder.  com/ 

5736)  is  very  easy  to  read  and 
understand,  but  it  is  rather  long  at 
14  pages. 

I  compared  the  Microsoft  Vista 
license  with  the  Apple  license  for 
the  latest  version  of  its  operating 
system  (www.nwdocfinder.com/ 

5737) .  Apple’s  Panther  license  is 
only  three  pages  long  —  although 
it  is  in  smaller  print  —  and  con¬ 
tains  fewer  restrictions  than  the 
Microsoft  license,  but  is  nowhere 
as  clearly  written.  The  Apple 
lawyers  must  not  be  as  willing  to 
make  it  so  mortals  can  under¬ 


stand.  The  Apple  license  clearly 
states  that  the  software  is  not 
intended  to  be  used  for  control¬ 
ling  nuclear  facilities,  aircraft  sys¬ 
tems,  life  support  systems  or  any¬ 
place  where  someone  might  get 
hurt  if  the  software  failed. 

Apple  says  upfront  that  the  soft¬ 
ware  does  not  belong  to  you  — 
you  only  get  a  license  to  use  it.  It 
takes  Microsoft  five  pages  to  get 
around  to  mentioning  that,  but 
the  result  is  the  same.  Maybe 
because  this  is  the  license  for  the 
home  editions  of  Vista,  you  are 
limited  to  running  the  software 
on  two  processors  at  the  same 
time  —  this  could  be  a  problem 
in  a  few  years  considering  indus¬ 
try  directions  (my  new  Mac  pro 
has  four  cores;  I’m  not  sure  if  that 


is  two  processors  or  four). 

The  media  coverage  on  the  new 
license  focused  on  the  new  single 
license  transfer  limitation  and  the 
restrictions  on  using  the  home 
versions  of  Vista  in  virtual 
machines.  The  transfer  restriction 
says  you  can  reassign  the  license 
to  a  different  device  only  one 
time,  so  if  you  replace  your  com¬ 
puter  more  than  once  you  will 
need  to  buy  another  copy 

The  license  says  you  cannot  use 
Vista  Home  Basic  or  Home 
Premium  in  a  virtual  machine.You 
can  use  Vista  Ultimate  in  a  virtual 
machine  but  you  cannot  play  any 
content  protected  by  Microsoft 
rights  management  technologies. 
In  other  words,  you  cannot  run 
Vista  on  your  Mac  using  Parallels 


unless  you  have  the  Ultimate  ver¬ 
sion  and  then  you  cannot  play 
music  or  some  games  —  seems 
far  from  ultimate  to  me. 

The  Microsoft  license  also  says 
you  may  not  “work  around  any 
technical  limitations  in  the  soft¬ 
ware.”  Does  that  mean  you  cannot 
address  security  bugs  using  third- 
party  fixes?  The  fact  that  the  lan¬ 
guage  is  clear  does  not  mean  that 
it  all  makes  sense. 

Disclaimer:  I  hope  there  are 
classes  in  clear  language  at  the 
Harvard  Law  School,  but  I’m  not 
sure.  In  any  case,  the  above  review 
is  mine  alone. 

Bradner  is  Harvard’s  University 
Technology  Security  Officer.  He  can 
be  reached  at  sob@sobco.com. 


Identity  federation  consortium  adds  members 


New  to  the  Ibid 


InCommon  Federation,  which  is  an  identity  federation  hub  for 
higher  education,  added  a  slew  of  participants  recently, 
including  universities  and  service  providers. 


Universities; 

Service  providers; 

Miami  University 

Turnitin  (plagiarism  prevention) 

Ohio  University 

Symplicity  (career  management) 

Stanford  University 

Houston  Academy  of  Medicine  —  Texas 

University  of  Alabama  at  Birmingham 

Medical  Center  Library  (medical  content) 

University  of  California  —  Merced 
University  of  California  -  Riverside 


University  of  Chicago 


University  of  Maryland,  Baltimore 
University  of  Maryland  Baltimore  County 

University  of  Virginia 


Cdigix  (digital  entertainment  and 
educational  content) _ 

Protect  Network  (private  identity 
provider) 


BY  JOHN  FONTANA 

InCommon  Federation,  an  identity  hub 
that  helps  universities  securely  share  re¬ 
sources,  brought  more  schools  and  ser¬ 
vice  providers  to  its  fold  last  week  and  fur¬ 
ther  strengthened  its  message  that  sharing 
identity  is  essential  to  securing  distributed 
networks. 

The  federation,  which  serves  as  the  trust¬ 
ed  facilitator  and  policy  setter  for  identity 
exchanges  among  universities  and  service 
providers,  added  10  universities,  four  ser¬ 
vice  providers  and  an  independent  secu¬ 
rity  provider  to  its  hub.  It  now  has  35  in  its 
federation,  which  is  a  model  for  Internet2 
technologies. 

It  also  is  a  model  to  justify  the  benefits  of 
identity  federation,  in  which  two  or  more 
organizations  establish  trust  between  their 
identity  systems  so  users  authenticated  by 
one  company  can  access  resources  on  the 
network  of  another  company 

InCommon  is  proving  that  federation 
can  secure  information  access  among 
partners  while  ensuring  the  privacy  of 
individual  users. 

Federation  is  happening  on  a  global 
scale,  says  Tracy  Mitrano,  director  of  IT  pol¬ 
icy  at  Cornell  University  and  the  chair  of 
the  InCommon  Steering  Committee.’There 
is  no  question  that  higher  education  is 
already  participating  in  a  flat  world,  so  to 
speak,  and  federation  makes  that  possible.” 

The  InCommon  Federation  uses  the 
Shibboleth  identity  federation  architec¬ 
ture  as  the  basis  for  controlling  access  to 
the  resources  maintained  by  members. 
Shibboleth  is  based  on  the  Security 
Assertion  Markup  Language  (SAML)  and 
is  a  foundation  technology  for  Internet2’s 
Abilene  Network.  The  architecture  also 


lets  universities  and  individ¬ 
uals  set  privacy  policies  to 
control  what  type  of  user 
information  can  be  released 
to  each  destination. 

The  Internet2  consortium, 
which  is  made  up  of 
208  universities,  has  devel¬ 
oped  the  Abilene  Network 
for  education  and  high¬ 
speed  data  transfers. 

Those  transfers  are  being 
secured  through  InCom- 
mon’s  framework,  which 
requires  participants  to  share 
authoritative  and  accurate 
identity  information  and 
information  about  their  iden¬ 
tity  management  system. 

InCommon  is  not  a  hub 
that  routes  network  traffic 
but  instead  shapes  policy  for 
joining  identity  management  systems.  In¬ 
Common  members  communicate  directly 
with  one  another  over  the  Internet  and 
Abilene  Network. 

Based  on  disclosures  made  through  In¬ 
Common,  federation  members  decide  if 
they  trust  one  another’s  identity  manage¬ 
ment  systems  and  if  they  want  to  federate 
those  systems  so  they  can  exchange  SAML 
assertions  to  validate  user  authentication 
and  provide  authorization  to  access  net¬ 
work  resources.  InCommon  does  not  dic¬ 
tate  a  minimum  set  of  requirements  each 
participant’s  identity  system  must  include. 

Federation  is  one  element  of  the  explo¬ 
sion  in  technology  around  identity  man¬ 
agement,  which  is  widely  regarded  as  key 
to  securing  digital  resources  on  distrib¬ 
uted  networks. 


Major  companies  such  as  IBM,  Microsoft, 
Novell,  Oracle  and  Sun  are  building  the 
technology  into  their  identity  management 
suites.  And  independent  vendors,  such  as 
Ping  Identity  also  offer  federation  technol¬ 
ogy  which  is  used  by  such  companies  as 
American  Express  and  New  York  Life. 

The  InCommon  network  consists  of  24 
universities  (see  www.nwdocfinder.com 
/5738)  and  1 1  sponsored  partners, such  as 
new  member  Cdigix,  which  has  a  portfo¬ 
lio  of  legally  available  digital  entertain¬ 
ment  and  educational  content  for  higher 
education. 

The  company  recently  partnered  with  the 
University  of  Washington  to  offer  students 
and  facility  access  to  that  portfolio.  The 
secure  access  is  based  on  the  InCommon 
framework  so  Cdigix  can  ensure  controlled 


access  without  revealing 
users’  personal  information. 

The  University  of  Maryland 
Baltimore  County  and  Penn 
State  University  use  In¬ 
Common  as  the  basis  for  a 
partnership  with  Symplicity 
which  helps  students  man¬ 
age,  identify  and  apply  for 
internships  and  postaca¬ 
demic  careers.  Penn  State 
also  uses  plagiarism  protec¬ 
tion  services  from  Turnitin 
through  the  InCommon  net¬ 
work  so  professors  can  better 
monitor  for  plagiarism. 

InCommon  has  two  criteria 
for  trustworthiness  that  mem¬ 
bers  must  follow.Their  identity 
management  system  must  fall 
under  the  purview  of  the  orga¬ 
nization’s  executive  manage¬ 
ment,  and  the  system  for  issuing  user  cre¬ 
dentials  must  have  appropriate  risk  man¬ 
agement  measures. 

The  group  also  is  looking  to  establish  new 
criteria  to  govern  federations  where  sensi¬ 
tive  or  regulated  data  is  exchanged. 

“When  we  look  at  particular  protected 
resources  that  have  constraints  and  highly 
regulated  sensitive  data  or  services,  we  are 
looking  at  can  we  have  another  level  where 
we  establish  criteria  that  participants 
would  be  required  to  meet  in  order  to  be 
involved  in  this  new  level  of  federation,” 
says  John  Krienke,  manager  of  integrated 
operations  at  Internet2  and  operations 
manager  for  InCommon. 

InCommon  is  setting  up  a  model  for 
addressing  the  questions  that  abound 
when  organizations  federate  identities.  ■ 


INNOVATIONS  IN 
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Florida  Guardian  ad  Litem  Saw  the  Future  of  Child  Advocacy. 


Citrix  Provided  Access. 


“Custody  rulings.  Foster  care.  Adoptions.  Our  founding  vision  was  to  give  every  abused 
and  neglected  child  in  Florida  a  strong  advocate  in  court.  Two  years  later,  we’re  well  on 
our  way.  Today,  program  staff,  attorneys  and  over  5,000  volunteers  represent  more 
than  27,000  children.  Instead  of  information  in  file  drawers  scattered  all  over  the  state, 
Citrix  software  gives  advocates  secure  access  to  our  case  management  system  from 
anywhere.  Resources  are  precious,  so  we  must  apply  them  wisely,  not  waste  time 
chasing  data.  These  kids  depend  on  us.  That’s  why  we’re  depending  on  Citrix  to  take 
us  the  rest  of  the  way  to  advocate  for  every  Florida  child  in  need.  ” 


JOHNNY  C.  WHITE 

CIO 

Florida  Guardian  ad  Litem  Program 


Access  your  future  today  at 
citrix.com. 


©2006  Citrix  Systems,  Inc.  All  rights  reserved.  Citrix®  is  a  trademark  of  Citrix  Systems,  Inc. 
and/or  one  or  more  of  its  subsidiaries,  and  may  be  registered  in  the  United  States  Patent  and 
Trademark  Office  and  in  other  countries.  All  other  trademarks  and  registered  trademarks  are 
the  property  of  their  respective  owners. 
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SPECIAL  FOCUS  INSIDER  THREAT 

How  well  do  you  know  your  network? 


Monitoring  tools  aim  for  collaboration 


For  those  who  grumble  at  the  idea  of  having  to  purchase  yet 
another  security  product,  go  through  the  trouble  of  config¬ 
uring  it  to  work  with  the  existing  infrastructure  and  hope 
that  it  works  with  future  products,  vendors  in  the  network  con¬ 
tent  monitoring  market  are  taking  steps  to  make  life  easier. 

In  the  past  month,  a  few  announcements  from  these  vendors 
show  a  greater  awareness  of  the  security  market  around  them 
as  they  work  to  integrate  their  products  with  others,  in  an 
effort  that  could  signal  pending  consolidation  in  the  security 
market,  according  to  one  analyst. 

“[Users  are  saying]  'Do  we  really  want  to  spend  all  this  extra 
money  on  another  individual,  point  solution?"  says  Trent  Henry, 
senior  analyst  with  the  Burton  Group.  Partnerships  that  net¬ 
work  content  monitoring  vendors  are  making  with  others  in  the 
security  industry,  particularly  messaging  security  and  Web  fil¬ 
tering  companies  whose  products  share  some  features,  could 
go  a  long  way  to  make  buying  decisions  easier,  Henry  says. 


"That  [integration]  is  going  to  be  the  best  of  all  worlds,  provid¬ 
ing  richer  analytics,  multiprotocol  scanning  ...  and  harmonizing 
policies  between  product  groups,”  he  says. 

Among  the  recent  announcements: 

•  Reconnex  on  Oct.  9  announced  a  certification  program  for 
e-mail  gateway  products  to  ensure  these  products  work  with 
its  content-monitoring  offering.  To  date,  e-mail  security  vendors 
Barracuda,  IronPort  and  Sendmail  have  been  certified. 

•  PortAuthority  Technologies  on  Oct.  9  announced  a  partner¬ 
ship  with  endpoint  security  vendor  Safend  to  include  Port- 
Authority’s  content-aware,  policy-based  data  leak  protection  in 
its  endpoint  security  products.  The  combined  product  is  slated 
for  availability  by  year-end. 

•  PortAuthority  also  announced  plans  to  integrate  its  informa¬ 
tion  leak-prevention  technology  with  Websense’s  content  filter¬ 
ing  and  Web  security  offering. 

—  CARA  GARRETSON 


BY  CARA  GARETTSON 

he  information  security  officer  for  a 
network  of  healthcare  centers  in 
New  York  found  an  employee  send¬ 
ing  confidential  payroll  information 
to  a  recruiter.  A  California-based  semicon¬ 
ductor  manufacturing  technology  pro¬ 
vider  caught  a  worker  e-mailing  Power¬ 
Point  slides  detailing  product  plans  to  a 
former  colleague  at  a  competitor  to  show 
off  the  “cool  things”  he  was  working  on.  A 
network  administrator  for  a  school  district 
in  Indiana  nabbed  a  student  trying  to  fina¬ 
gle  school  lunch  account  information 
stored  on  an  off-limits  server. 

These  are  just  some  of  the  things  you  can 
learn  when  you  take  a  good  look  at  what 
goes  on  inside  your  network. 

“Oh,  you’d  be  surprised,”  says  Mark 
Moroses, senior  director  of  technical  ser¬ 
vices  and  information  security  officer 
with  Maimonides  Medical  Center  in 
Brooklyn,  who  found  an  employee 
instant-messaging  payroll  information  — 
including  Social  Security  numbers  —  to 
a  recruiter. 

That  discovery  came  about  three  years 
ago  when  Maimonides  was  looking  for  a 
way  to  better  control  who  was  accessing 
information  on  its  network,  per  Health 
Insurance  Portability  and  Accountability 
Act  specifications,  and  because  the  com¬ 
pany  has  to  give  network  access  to  users 
who  aren’t  employees,  such  as  referring 
doctors.  Maimonides  brought  in  security 
vendor  Reconnex,  which  set  up  a  risk 
assessment  test  that  monitored  the  net¬ 
work  for  48  hours. 

‘An  eye-opening  experience' 

“It’s  an  eye-opening  experience,”  Moroses 
says  of  the  test.  Having  found  numerous 
instances  of  questionable  employee  pro¬ 
ductivity  (extended  visits  to  Myspace.com, 
for  example)  as  well  as  some  policy 
breaches,  the  company  installed  Recon- 
nex’s  electronic  risk  protection  offering  to 
monitor  employee  interaction  with  the  out¬ 
side  world,  and  is  now  leveraging  the  prod¬ 
uct  to  ensure  that  employees  are  only 
accessing  the  internal  information  that  they 
are  authorized  to  view. 

“We’ve  gone  through  an  awakening  in 
stages,  we  put  [Reconnex]  at  all  our  egress 
points  because  we  wanted  to  know  what’s 
going  out,  what's  coming  in  ...  it  leads  you 
to  ask  questions  about  what’s  going  on 
internally  people  accessing  internal  data,” 
Moroses  says.  “We’ve  looked  at  the  edge, 


now  we’re  looking  internally’ 

Reconnex  is  one  of  a  handful  of  vendors 
that  make  up  a  relatively  new  area  in  the 
security  market  that  also  includes  vendors 
such  as  Oakley  Networks,  Vontu,  Vericept, 
PortAuthority  Technologies,  Security  and 
Tablus. 

Called  a  variety  of  terms,  including  net¬ 
work  content  filtering/control,  network 
leak  prevention,  extrusion  prevention 
and  risk  protection,  this  category  is 
largely  defined  by  products  that  monitor 
multiple  network  protocols  with  sophis¬ 
ticated  word  analysis  and  automated 
data  discovery  techniques  to  alert 
administrators  when  sensitive  informa¬ 
tion  is  being  accessed  by  unauthorized 
employees  and/or  sent  outside  of  the 
network.  As  these  products  mature,  the 
facility  to  block  sensitive  information 
from  being  viewed  or  sent  out  of  the  net¬ 
work  is  being  added. 

While  having  such  a  view  into  your  net¬ 
work  sounds  as  good  as  a  superpower,  there 
are  trade-offs. 

First,  there  are  the  upfront  costs;  typical 
configurations  for  these  tools  —  most  of 
which  are  appliances  loaded  with  special¬ 
ized  software  —  generally  start  between 
$25,000  and  $50,000.  In  the  defense-in- 
depth  model  that’s  become  a  popular  way 
to  describe  the  need  for  multiple  layers  of 
information  security  required  in  and 
around  an  organization,  these  tools  are 


secondary  to  the  perimeter  products  such 
as  firewalls  and  intrusion-detection  sys¬ 
tems  required  to  keep  unauthorized  users 
off  a  network. 

Then  there’s  the  time  and  energy 
required  to  customize  these  tools  so  that 
they  understand  what  an  organization 
deems  sensitive. 

“In  advance  of  using  this  kind  of  tool, you 
really  have  to  decide  what  to  use  it  for, 
what  nuggets  [of  information]  are  you 
looking  for,  because  these  tools  really  will 
give  you  everything,”  says  Tom  Scocca, 
investigator  and  global  security  consultant 
for  a  large  provider  of  microprocessor 
manufacturing  technology,  which  has 
about  17,000  users  on  its  network.  The 
company  uses  Oakley  Networks’  CoreView 
appliance,  and  Scocca  says  the  vendor 
was  very  helpful  in  tuning  the  product  to 
meet  its  needs. 

But  still  the  company  needed  to  decide 
what  its  crown  jewels  were  before  the  tool 
could  be  effective,  Scocca  says. 

“If  you  don’t  have  any  idea  about  what’s 
important  to  your  company’s  bottom  line, 
then  this  is  just  a  fancy  tool  to  let  you  know 
what’s  traveling  across  the  wire,”  he  says. 

Others  say  these  tools  are  indispensable 
in  this  day  and  age  where  protecting  infor¬ 
mation  means  protecting  assets. 

“Information  has  a  dollar  value  [today], 
whereas  10  years  ago  no  one  knew  how  to 
equate  it,”  says  Sharon  Finney  information 


security  administrator  at  Dekalb  Medical 
Center  in  Decatur,  Ga.,  which  uses  Vericept 
to  monitor  is  3,500-user  network.  “Now, 
because  you  can  tie  all  this  [personal] 
information  together  into  a  meaningful  pic¬ 
ture  of  a  person,  then  that  information  does 
have  a  dollar  value,  and  it’s  important  that  it 
be  protected.” 

Then  there’s  the  privacy  issue.  While  in  the 
United  States  there  are  no  laws  against  a 
company  claiming  rights  to  everything  an 
employee  does  when  using  the  corporate 
network,  the  same  isn’t  true  in  some 
European  and  Asian  countries,  where  the 
notion  of  an  individual’s  privacy  trumps 
corporate  policy. 

Of  the  handful  of  organizations  inter¬ 
viewed  for  this  article,  only  one  had 
informed  its  employees  that  it  was  using  a 
network  content  monitoring  tool;  the 
remainder  rely  on  their  corporate  policies 
that  they  believe  give  them  the  latitude  to 
monitor  network  use.m 
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Enterprise  Performance  Management 

Managing  application  performance  over  the  network 

Helping  the  IT  team  become  more  efficient  and  proactive 


In  July  2006,  Dennis  Drogseth,  Network  Services  Practice  Leader  and  Vice  President  with  analyst 
firm  Enterprise  Management  Associates,  made  the  following  observations:  ", Managing  applications 
across  the  network  is  accelerating  in  importance  to  a  degree  unimagined  in  the  past  because  of 
the  increasingly  distributed  nature  of  working,  the  growth  in  application  complexity... managing 
application  delivery  over  the  network  will  require  tightly-knit  team  dynamics  supported  by  manage¬ 
ment  technologies  that  allow  application  and  network  specialists  to  see  the  world  consistently... the 
notion  that  managing  application  delivery  over  the  network  can  be  done  effectively  by  a  group  of 
enclaved  individuals  with  siloed  tools  -  no  matter  how  good  those  tools  are  -  simply  won't  work 
when  so  much  is  at  stake  and  when  the  levels  of  interdependency  between  network  performance 
and  application  performance  are  so  high." 

Application  performance  problems  cause  ripple  effects  throughout  a  business,  from  reduced  employee 
productivity  to  increased  customer  dissatisfaction  and  loss  of  business.  They  also  significantly  reduce 
IT  department  efficiency,  as  staff  members  are  repeatedly  pulled  away  from  development  projects  to 
troubleshoot  performance  issues. 


Why  monitor  application  performance? 

Companies  have  many  reasons  for  monitoring 
application  performance. 

A  multinational  supplier  of  engineered  materials, 
natural  resources,  and  technology-based  services  relies 
extensively  on  its  mission-critical  network  to  connect  its 
many  locations.  A  MPLS  migration  was  planned  to  sup¬ 
port  a  global  rollout  of  an  enterprise  resource  planning 
(ERP)  application  that  would  touch  nearly  every  func¬ 
tion  of  all  its  businesses.  They  needed  a  solution  that 
could  provide  in-depth  WAN  insight,  create  utilization 
baselines,  and  help  in  properly  prioritizing  and  manag¬ 
ing  the  growth  of  applications  on  the  network. 

A  major  insurance  company  wanted  to  proactively  track 
compliance  with  service  level  agreements  (SLAs).  The 
company  also  wanted  to  test  how  infrastructure  changes 
(such  as  consolidating  servers)  would  affect  end-user 
response  times,  as  well  as  reducing  troubleshooting 
time  by  seeing  exactly  what  was  happening  at  the  time 
a  problem  occurred. 

A  major  US  commercial  bank  values  good  application 
performance  because  it  maintains  end  users'  productivity 
-  so  when  problems  do  occur,  the  bank  needs  to 
troubleshoot  them  efficiently.  "We  were  spending  a 
minimum  of  20  hours  a  month  -  sometimes  up  to  two  or 
three  weeks  -  trying  to  diagnose  the  cause  of  application 
slowdowns,"  says  a  network  engineer.  "We  just  didn't 
have  the  staff  to  keep  doing  that."  A  particular  problem, 
he  notes,  was  trying  to  determine  if  a  slowdown  was  a 
network  issue  or  a  server  issue.  "When  our  network  team 
thought  it  was  a  server  problem,  the  server  team  would 
often  claim  it  was  a  network  problem,"  he  said. 

"It  was  difficult  to  pinpoint  the  exact  trouble  spot." 

Fluke  Networks  to  the  rescue 

These  three  companies  have  found  Fluke  Networks' 
Enterprise  Performance  Management  solutions  provide 
accurate,  detailed  insight  into  application 


performance  throughout  the  enterprise.  As  a  result, 

IT  staff  can  quickly  determine  whether  a  problem  is 
network,  application,  or  server  related  and  can  rapidly 
resolve  the  issue. 

For  example,  the  CIO  of  the  multinational  supplier 
stated,  "Visual  UpTime  Select  was  instrumental  to 
the  success  of  our  multi-million  dollar  ERP  initiative 
because  it  gave  us  the  knowledge  and  confidence  that 
our  MPLS  network  was  fully  optimized  for  the  rollout. 
With  Visual  UpTime  Select,  we  could  see  how  our  ERP 
application  performed  on  the  network  by  viewing  appli¬ 
cation  throughput  in  real-time  and  we  could  quickly 
detect  and  troubleshoot  traffic  anomalies.  As  we  made 
our  migration  from  frame  relay  to  MPLS,  the  technology 
once  again  proved  itself  by  providing  us  with  the 
functionality  to  ensure  the  migration  and  the  ensuing 
ERP  deployment  was  quick  and  painless." 

Today,  their  network  is  served  by  three  major  carriers 
and  supported  internally  by  a  handful  of  individuals. 

The  company's  network  challenges  are  increasingly 
focused  on  managing  the  wide  array  of  traffic  -  ERP, 
Citrix,  email  and  Web,  among  the  most  notable  - 
traversing  its  network.  In  fact,  the  organization  has 
seen  a  35  percent  growth  in  application  utilization  in 
the  past  few  years  across  its  70  global  sites. 

"Using  Visual  UpTime  Select,  we  are  able  to  pinpoint 
network  traffic  anomalies  before  they  disrupt  the  flow 
of  business,"  concluded  the  CIO.  "This  technology  is  the 
core  component  in  our  WAN  management  solution.  It 
saves  us  significant  time  and  money  and  allows  us  to 
deliver  an  exceptionally  high  level  of  WAN  service  at  a 
reasonable  cost." 

While  this  organization  needed  complete  WAN-based 
visibility  into  each  of  their  locations,  other  companies 
have  found  that  a  data  center-based  approach  to 
performance  management  is  a  better  fit  for  their  require¬ 
ments.  Fluke  Networks  provides  its  customers  a  variety 


of  performance  management  options  -  creating  unique 
solutions  for  unique  needs. 

According  to  the  insurance  company's  IT  manager, 
"SuperAgent  helps  us  better  serve  our  end  users  by 
being  proactive  with  application  performance  issues  - 
and  being  able  to  more  effectively  baseline  application 
performance  helps  us  ensure  that  we  meet  our  estab¬ 
lished  service  level  agreements  for  transaction  times." 
When  problems  do  rise,  he  notes  that  SuperAgent  "can 
mean  the  difference  between  a  one-hour  slowdown  and 
a  one-day  slowdown." 

The  commercial  bank  finds  SuperAgent's  performance 
monitoring  capabilities  make  the  IT  department  more 
proactive,  identifying  and  resolving  problems  before 
users  are  even  aware  of  them.  The  tool's  enhanced 
troubleshooting  capabilities  save  them  at  least  20 
hours  a  month.  Plus,  it  has  made  a  big  difference  in 
the  relationship  between  the  network  and  server  teams, 
replacing  finger-pointing  with  cooperation.  "Now  the 
server  team  comes  to  us  when  they  have  a  problem  and 
asks  us  to  monitor  their  servers,"  says  a  network  engi¬ 
neer.  "We  also  get  requests  for  troubleshooting  help 
from  other  business  groups  in  the  main  office.  They  all 
think  SuperAgent  is  fantastic  -  they  are  overwhelmingly 
impressed  with  its  reports."  He  also  describes  a  case 
where  slow  performance  of  a  vendor-hosted  application 
was  causing  a  department  to  fall  behind  in  its  work. 
SuperAgent  identified  the  vendor's  server  as  the  source 
of  the  problem,  and  the  vendor  -  who  hadn't  previously 
been  aware  of  the  difficulty  -  was  able  to  quickly  fix  it. 
"We  just  couldn't  do  any  of  this  without  SuperAgent," 
concludes  the  bank's  network  engineer. 

For  more  information 

To  learn  more  about  application  performance  management  solutions, 
visit  www.flukenetworks.com/APM 
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Tools  to  help  secure  your  network,  where  and  when  you  need  them 


; 

The  Microsoft  Malicious  Software  Removal  Tool — over  16  million  instances  of  malware  removed  and  counting.  Read  the 
white  paper,  based  on  data  collected  by  this  effective  tool.  It  arms  you  with  a  clear  view  of  the  security  landscape,  including 
the  latest  trends,  threats,  and  countermeasures.  Find  it  now  at  microsoft.com/security/IT 


c  2006  Microsoft  Corporation.  All  rights  reserved.  Microsoft  is  a  registered 
trademark  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries. 
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start-up  but  in  unstructured  data  manage¬ 
ment;  the  fact  that  the  company  does 
encryption  was  a  byproduct,”  says  Craig 
Gomulka,  a  director  with  Draper  Triangle 
Ventures  in  Pittsburgh,  which  invested  in 
BitArmor.  “But  the  encryption  is  the 
enabling  technology;  without  that  base 
you  wouldn’t  be  able  to  do  this.” 

Below  are  10  security  companies  we 
think  are  worth  watching.  Some  are  new 
to  the  market,  others  have  reinvented 
themselves  recently,  still  others  are  just 
beginning  to  make  their  mark  on  the  cor¬ 
porate  mind-set.  All  of  them  are  worth 
keeping  an  eye  on. 


BitArmor  Systems 

Founded:  2003 

CEO:  Patrick  McGregor,  who  held  a  tech¬ 
nical  position  at  Hewlett  Packard 
Laboratories 

“  *  Headquarters:  Pittsburgh 

Funding:  $5  million  from 
Draper  Triangle  Ventures  and 
Clearwater  Capital  Partners 
What  the  company  offers: 

BitArmor  Security  Suite,  software 
that  lets  IT  protect  and  manage  the  life 
cycle  of  stored  data.  The  product  elimi¬ 
nates  the  need  for  public  key  infrastruc¬ 
ture-based  key  management  through  a 
proprietary,  automated  approach. 

Why  the  company  is  worth  watching:  In 
addition  to  encrypting  data,  BitArmor  lets 
administrators  create  policies  for  data  stor¬ 
age  and  retention.  Policy  management  is  a 
growing  issue  with  encrypted  data. 

How  the  company  got  its  start:  Co¬ 
founders  Patrick  McGregor  and  Matthew 
White  were  undergraduate  students  to¬ 
gether  at  Carnegie  Mellon  University  and 
continued  postgraduate  research  on  what 
eventually  became  the  BitArmor  Security 
Suite. 

Where  the  company  got  its  name:  After 
discovering  that  companies  already  had 
taken  nearly  every  name  of  a  Roman  or 
Greek  god, the  founders  focused  on  a  name 
that  describes  the  products  function. 

Who  uses  it:  The  product  began  shipping 
in  September.  The  company  has  not 
released  customer  names  yet. 

Read  more:  www.nwdocfinder.com 
75729. 


Cogneto 

Founded:  2006 

CEO:  Ralph  Scobie,  former  CEO  of  PCS 
Wireless 


Headquarters:  Seattle 
Funding:  Not  disclosed 
What  the  company 
offers:  Unomi,  a  risk- 
management  software 
dZ/*nn\\^  service  for  cognitive 
un  authentication:  the  process 
of  evaluating  user  behavior  during  the 


online  authentication  process  by  track¬ 
ing  input-device  responses  to  various 
questions. 

Why  the  company  is  worth  watching: 

With  Unomi,  Cogneto  is  seeking  to  use 
academic  research  on  cognitive  psychol¬ 
ogy,  behavioral  biometrics  and  online 
behavior  for  a  real-time  analysis  of  risk 
based  on  a  score  of  1  to  100. 

How  the  company  got  its  start:  Cogneto ’s 
Chief  Scientist  Martin  Renaud  believed 
the  cognitive  psychology  research  of  Barry 
Po,  a  computer  science  professor  at  the 
University  of  British  Columbia  who  is 
Cogneto’s  director  of  user  experience, 
could  be  developed  into  a  risk-manage¬ 
ment  product  for  government  and  indus¬ 
try  to  authenticate  users  online. 

Where  the  company  got  its  name: 
Cogneto  is  derived  from  the  word  “cognition.” 

Who  uses  it:  Unomi  is  set  to  be  released 
this  month. 

Cryptolex  Trust  Systems 

Founded: 2003 

CEO:  Clovis  Najm,  whose  previous  expe¬ 
rience  includes  sales  and  marketing  posi- 
UTl/i  tions  at  CryptoCard 

Headquarters:  Owings, 

Funding:  $150,000  from 
the  U.S.  Navy  and  the 
state  °f  Maryland,  plus  an 
undisclosed  amount  of  pri¬ 
vate  funding 

What  the  company  offers:  The  Mobio 
handheld  device  supports  multiple  strong 
authentication  methods,  including  en¬ 
cryption-generated  one-time  passwords, 
VPN  methods,  a  fingerprint  scanner  that 
can  convert  this  biometric  into  a  biocode 
number,  plus  a  wireless-based  door  reader 
for  physical  access.  The  Cryptolex  Uni¬ 
versal  ID  System  has  a  back-end  software 
library  for  building  an  authentication 
server  on  Unix-,  Linux-  or  Windows-based 
computers.  Specialized  applications  bun¬ 
dled  with  the  product  allow  for  Cryptolex- 
based  authentication  on  PDAs  and  lap¬ 
tops,  network  access,  and  physical-access 
control. 

Why  the  company  is  worth  watching: 

Combining  support  for  multiple  strong 
authentication  types  in  a  small  handheld 
device  would  be  convenient  at  companies 
and  government  agencies  with  highly 
mobile  users. 

How  the  company  got  its  start:  The  U.S. 
Navy  and  the  state  of  Maryland  funded 
research  to  come  up  with  a  mobile 
authentication  device. 

Where  the  company  got  its  name: 
“Crypto,”  because  RSA-based  encryption  is 
an  underlying  technology  for  it,  and  “lex” 
stands  for  “lexicon.” 

Who  uses  it:  The  U.S.  Navy  is  testing  it. 

Declude 

Founded: 2000 

CEO:  Rich  Person,  former  chairman  and 


CEO  of  Poindexter  Systems 

Headquarters:  Newburyport, 
V™4//  Mass. 

Funding:  Not  disclosed 
What  the  company 
offers:  Antispam,  anti- 
JV  ""  virus  and  denial-of-ser- 
vice  protection  software  at 
the  mail-server  and  gateway  levels,  whose 
unique  technology  catches  the  mal¬ 
formed  e-mails  where  viruses  hide.  This 
gives  customers  a  new  approach  to  zero- 
day  protection. 

Why  the  company  is  worth  watching: 

Not  as  much  a  start-up  as  a  reinvented 
company  Declude  was  founded  six  years 
ago  but  has  tapped  just  2%  of  the  market 
because  its  original  e-mail  security  prod¬ 
uct  was  designed  to  work  only  with  IMail 
and  SmarterMail  mail  servers.  In  Septem¬ 
ber  the  company  released  Declude  In¬ 
terceptor,  a  version  that  sits  at  the  gateway, 
thus  opening  up  the  potential  user  base 
substantially 

How  the  company  got  its  start:  Scott 
Perry,  an  e-mail  administrator,  was  looking 
for  an  effective  e-mail  security  solution,  so 
he  built  his  own, shared  it  with  friends  and 
colleagues,  and  then  started  the  company. 

Where  the  company  got  its  name:  The 
name  Declude  has  its  roots  in  the  words 
deduce,  include  and  exclude. 

Who  uses  it:  Customers  from  their  IMail 
products  include  AAA,  the  Boston  Celtics, 
JVC,  Korean  Air  and  Sheraton. 

Read  more:  www.nwdocfinder.com 
/5730. 

Exploit  Prevention  Labs 

Founded: 2005 

CEO:  Bob  Bales,  founder  of  PtestPatrol, 
the  antispyware  software  company  ac¬ 
quired  by  CA  in  2004 

Lkr  Headquarters:  Marietta,  Ga. 
Funding:  Undisclosed 

amount  of  seed  capital 
from  angel  investors 
What  the  company 
R\^  offers:  SocketShield,  desk¬ 
top  software  for  scanning  net¬ 
work  streams  and  intercepting  and  block¬ 
ing  exploit  attack  code  against  desktop 
machines,  such  as  drive-by  downloads. 

Why  the  company  is  worth  watching: 
SocketShield  focuses  on  real-time  protec¬ 
tion  against  exploits,  crimeware  and  other 
zero-day  threats  to  prevent  vulnerability¬ 
targeting  malware  being  installed  on 
unpatched  PCs.  An  exploit  is  a  bit  of  code 
that’s  used  to  force  another  bit  of  code 
(usually  with  a  malicious  intent)  to  run. 

How  the  company  got  its  start:  In 
researching  attack  code  launched  against 
unpatched  systems,  Thompson  became 
convinced  nearly  all  the  code  was  created 
in  handwritten  assembly  code,  not  in  a 
compiler,  and  therefore  could  be  identi¬ 
fied  through  signatures. 

Where  the  company  got  its  name:  Its 
sole  focus  is  on  exploit  prevention. 


Who  uses  it:  Initially  available  only  to 
consumers,  it  later  will  be  distributed  to 
the  corporate  market. 

Read  more:  www.nwdocfinder.com 
75731. 

KoolSpan 

Founded: 2001 

CEO:  Tony  Fascenda,  former  executive 
with  a  number  of  wireless  companies, 
including  Aether  Systems 

-c  Headquarters:  Bethesda, 

Funding:  Privately  held 
What  the  company 
offers:  VPN  client  on  a 
^(JRV^  USB  token.  KoolSpan’s 
SecureEdge  tokens  set  up  a 
Layer  2  VPN  that  uses  two-factor  authenti¬ 
cation  and  per-packet  encryption  keying, 
both  extremely  secure  methods. 

Why  the  company  is  worth  watching: 
SecureEdge  eliminates  the  problem  of 
installing  and  maintaining  client  software 
on  remote  PCs  by  supplying  all  the  soft¬ 
ware  needed  within  the  token  itself.  Plus,  it 
automatically  provides  two-factor  authen¬ 
tication,  something  that  generally  requires 
a  separate  infrastructure. 

How  the  company  got  its  start:  Fascenda 
and  two  co-workers  from  Aether  broke 
away  to  create  SecureEdge. 

Where  the  company  got  its  name:  With 
some  help  from  his  daughter,  Fascenda 
came  up  with  a  name  based  on  the  cool 
factor  behind  the  product’s  innovation 
and  the  wide  span  of  applications  that 
could  take  advantage  of  it. 

Who  uses  it:  Customers  include  Sandia 
National  Laboratories. 

Read  more:  www.nwdocfinder.com 
/5732. 

Networkstreaming 

Founded: 2003 

CEO:  Joel  Bomgaars,  former  engineer  at 
Business  Communications 

Headquarters:  Ridgeland,  Miss. 

Funding:  $7  million  from  Southern  Farm 
Bureau  Life  Insurance  and  GulfSouth 
Capital 

What  the  company  offers:  secure 
remote  control  of  PCs  and  servers;  the 
C Ojlf  on^  remote  control 
appliance  that  enables 
f'"  help  desk  sessions  and 
collaboration. 

Why  the  company  is 
^IJRV^  worth  watching:  The  com¬ 
pany  started  with  a  simple 
mission  —  to  speed  up  resolution  of  help 
desk  calls  —  and  has  made  the  process 
more  secure  by  putting  all  the  technology 
in  the  customer’s  hands,  not  the  service 
provider’s.  Also,  it  uses  no  client  software, 
so  the  remote  machine  cannot  be  taken 
over  via  NetworkStreaming’s  SupportDesk 
platform  unless  the  user  initiates  a  session. 

How  the  company  got  its  start:  Bomgaars 
See  Security,  page  26 
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AVAILABILITY:  GUARANTEED 
PERFORMANCE:  ACCELERATED 
SECURITY:  ASSURED 
COMPLEXITY:  REDUCED 

Radware  APSolute  Application  Delivery 


HOW  EXPOSED 
IS  YOUR  NETWORK? 


An  exposed  network  is  a  big  risk.  If  your  network  isn’t  providing  multi-layered 
security,  it’s  only  a  matter  of  time  before  productivity  falls  under  attack. 


ZERO-DAY  ATTACKS. 
DENIAL  OF  SERVICE. 


Thankfully,  with  Radware  APSolute™  your  network  is  available  24/7,  runs 
fast  and  stays  secure  with  the  industry’s  first  solution  offering  self-learning, 
behavior-based  protection. 


VIRUSES,  WORMS  &  TROJANS. 


Preventing  intrusion,  deflecting  DoS  attacks  and  boosting  performance  ensures 
business  continuity  and  transaction  completion  even  in  a  hostile  environment. 


MALICIOUS  CONTENT. 


Find  out  how  to  protect  your  business  by  making  your  network  application-smart. 

Call  Radware  today  at  1-888-234-5763  or  visit  www.radware.com. 


V 


©  2006  Radware,  Ltd.  All  Rights  Reserved.  Radware  and  all  other  Radware  product  and  service  names  are  registered  trademarks  of  Radware  in  the  U.S.  and  other  countries. 
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continued  from  page  24 


was  looking  for  a  way  to  eliminate  his  hav¬ 
ing  to  drive  for  hours  through  the 
Mississippi  heat  to  support  his  help  desk 
customers,  and  so  invented  the  platform. 

Where  the  company  got  its  name:  Tire 
founders  were  looking  for  a  name  that 
implied  the  connection  of  computer  to 
computer. 

Who  uses  it:  Customers  include 
Electronic  Data  Systems,  Hilton  Hotels, 
Humana,  Panasonic,  Texas  A&M  University 
and  the  U.S.  Navy. 

Read  more:  www.nwdocfinder.com 
/5733. 


Savant  Protection 

Founded:  2004 

CEO:  Co-founder  Ken  Steinberg, formerly 
held  senior  positions  at 
companies  Digital  Equip- 
*  ment,  Hughes,  Hitachi 


and  the  John  Von 
Neumann  Super  Com- 
puting  Center  for  the 
National  Science  Foundation 

Funding:  Not  disclosed 

Headquarters:  Nashua,  N.H. 

What  the  company  offers:  Software  for 
Windows  and  Linux  servers  and  desktops 
to  protect  against  malware  by  taking  a 
cryptographic-based  snapshot  of  applica¬ 
tions  so  that  unauthorized  changes  can’t 
be  made. 

Why  the  company  is  worth  watching: 

The  approach  could  play  a  role  in  con¬ 
taining  and  mitigating  the  spread  of  mal¬ 
ware  infestations. 

How  the  company  got  its  start:  Steinberg 
says  he  saw  a  basis  for  protecting  software 
from  malware  with  the  so-called  “sliding 
acoustical”  signature  he  created  for  taking 
a  digital  fingerprint  of  a  user’s  application. 

Where  the  company  got  its  name: 
“Savant”  means  a  learned  person  or 
scholar. 

Who  uses  the  product:  Connecticut 
River  Bank,  Neueon 


Void  Communications 

Founded:  2005 

CEO:  Joseph  Collins,  who  for- 
merly  founded  his  own  com¬ 
pany  Griffon  Energy,  which 
bought  and  sold  gas  stations. 
Headquarters:  New  York 
„  —  .  Funding:  An  undisclosed 

amount  of  seed  funding  from 
Aegis  Holdings 

What  the  company  offers:  What’s  more 
secure  than  e-mail  that  doesn’t  leave  a 
trace?  VaporStream  is  a  Web-based  service 
that  lets  two  parties  communicate  with 
their  standard  e-mail  addresses;  the  mes- 
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Subscribe  to  our  free  newsletter. 
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sage  is  transmitted  as  an  encrypted  image, 
and  browsers  on  each  end  are  instructed 
not  to  cache  it,  so  there  is  no  record. 
Instead  of  jumping  through  all  sorts  of 
technical  hoops  to  secure  e-mail  commu¬ 
nications,  the  service  simply  vaporizes 
them. “You  can  trust  that  once  you  read  a 
message  it  is  gone,”  boasts  the  company 
Web  site. 

Why  the  company  is  worth  watching: 

Void  is  attempting  to  bring  privacy  back  to 
electronic  communications.  The  security 
that  VaporStream  offers  represents  a  break¬ 
through  in  simplicity  —  sorely  needed  in 
the  realm  of  security  technology  —  but 
the  company  may  have  a  tough  time  con¬ 
vincing  enterprises  that  making  e-mails 
disappear  is  the  best  way  to  communicate. 
Most  likely  the  service  will  find  niche  mar¬ 
kets  that  can  take  advantage  of  this  sim¬ 
plicity  without  being  concerned  about  the 
consequences  associated  with  not  archiv¬ 
ing  an  e-mail  message. 

How  the  company  got  its  start:  Collins, 
looking  to  reestablish  privacy  and  confi¬ 
dentiality  in  workplace  communications, 
teamed  with  technologist  and  friend 
Amit  Shah. 

Where  the  company  got  its  name:  The 

founders  believed  there  were  gaps  or 
voids  in  the  world  of  communications  and 
felt  they  could  fill  those  voids. 

Who  uses  the  product:  Currently  con¬ 


sumers.  Void  is  working  on  an  enterprise 
version  of  VaporStream,  as  well  as  versions 
for  BlackBerrys  and  Windows  Mobile 
devices. 

Read  more:  www.nwdocfinder.com/5734. 

Yoggie  Security  Systems 

Founded:  2005 

CEO:  Shlomo  Touboul,  founder  and 
CEO  of  Shany  Computers,  Finjan 
Software,  Runway  Telecom 

§and  Runway  Telecom  Ven- 

Funding:  In  May  received 
$1.8  million  in  first  round 
*«'/'hrVVn  of  venture  capital 

Headquarters:  Tel  Aviv,  Israel 
What  the  company  offers:  Yoggie 
Gatekeeper,  a  gateway  that  protects  lap¬ 
tops  on  the  road  so  they’re  as  secure  as 
PCs  in  the  corporate  office. 

Why  the  company  is  worth  watching: 
Most  mobile-client  security  measures 
require  running  several  security  applica¬ 
tions  and  agents  on  the  laptop,  making 
them  dependent  on  the  security  capabil¬ 
ities  of  the  underlying  Windows  operat¬ 
ing  system.  As  a  separate,  inline  appli¬ 
ance,  Yoggie  offloads  the  security  soft¬ 
ware  stack  from  the  laptop  and  sidesteps 
Windows. 

How  the  company  got  its  start: 

Enterprise  customers  installed  the  con¬ 


Next-generation  WANs:  no 


In  case  you  missed  the 
memo,  MPLS  now  is  the  tech¬ 
nology  of  choice  for  WAN 
underpinnings.  More  than 
half  of  the  companies  1  work 
with  on  a  regular  basis  say 
they’re  using  MPLS  or  plan¬ 
ning  to  in  the  near  future  — 
and  that  number  increases 
dramatically  among  compa¬ 
nies  that  are  large  (with  more 
than  $1  billion  in  annual  rev¬ 
enue)  and/or  have  global  operations. 
That’s  why  I’ve  been  spending  the  last  few 
columns  detailing  best  practices  for 
migrating  to  an  MPLS-based  WAN,  for 
those  who  are  still  in  transition. 

MPLS  isn’t  the  whole  story  however.  A 
less-obvious  but  fascinating  corollary  is 
the  demise  of  the  three-tiered  architecture 
that  dominated  WANs  from  roughly  1995 
until  about  last  year.  In  case  you’ve  forgot¬ 
ten,  here’s  how  it  worked:  Tier  1  was  the 
high-speed  interconnects  (ATM  or  dark 
fiber)  linking  data  centers,  contact  centers 
and  large  headquarters  facilities.  Tier  2 
was  the  core  WAN  architecture,  typically 
frame  relay,  which  connected  larger  sites 
with  the  majority  of  sites.  Tier  3  was  the 
mishmash  of  connectivity  options  (dial-up 
Internet  VPN  links,  very-small-aperture  ter¬ 


minals  and  so  on)  used  to 
link  remote  and  mobile  sites 
into  the  core  WAN. 

What  happened  over  the 
past  few  years  is  that  data  cen¬ 
ter  consolidation,  branch- 
office  proliferation,  the  growth 
in  broadband  and  the  spread 
of  MPLS  have  combined  to 
fuse  that  tiered  architecture 
into  a  much  flatter  design  — 
one  that  relies  on  MPLS-based 
services  to  most  sites  in  the  network,  from 
branch  or  remote  offices  to  data  centers. 

Let’s  start  with  data  center  consolidation. 
As  I’ve  noted  in  previous  columns,  most 
companies  have  consolidated  their  data 
centers  over  the  past  12  months  —  and 
most  will  continue  to  do  so  during  the  next 
12  months.  That  means  ultimately  we’ll 
arrive  at  an  architecture  based  on  two  to 
four  data  centers  linked  by  a  range  of  high¬ 
speed  network  technologies.  While  dense 
wavelength  division  multiplexing  over  dark 
fiber  is  a  common  choice  (and  some  com¬ 
panies  are  still  using  ATM)  as  a  data  center 
interconnection,  companies  increasingly 
are  moving  to  high-speed  (OC-1  or  OC-3) 
MPLS-based  services. 

Not  every  company  is  jumping  on  the 
bandwagon  of  MPLS  between  data  cen- 


EYE  ON  THE  CARRIER 
Johna  Till  Johnson 


tent-security  appliances  from  Touboul’s 
previous  start-up,  Finjan,  then  asked,  “So, 
now  we  have  a  great  security  solution  for 
users  within  the  corporate  network,  but 
what  are  we  going  to  do  with  the  traveling 
users  connecting  from  elsewhere?”“l  never 
had  a  real  answer  for  this,”  he  says.  After 
leaving  Finjan,  he  finally  answered  it 
with  Yoggie  Gatekeeper. 

Where  the  company  got  its  name: 
Touboul  picked  a  made-up  word  that  had 
the  same  sound  in  almost  any  language 
and  was  easy  to  remember. 

Who  uses  the  product:  The  product  is 
scheduled  to  be  available  in  November. 

Read  more:  www.nwdocfinder.com/5735. 

— Additional  reporting  by  Tim  Greene, 
■John  Cox  and  Deni  Connor. 
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Security  event 

Looking  for  better  security  solutions?  Need  an  inte¬ 
grated  strategy?  Attend  a  Network  World  IT 
Roadmap  event  coming  to  San  Francisco.  One  day. 
Eight  tracks.  And  40  IT  all-stars,  analysts,  vendors 
and  user  case  studies  ready  to  work  for  you. 

www.nwdocrmder.com/5339 


more  tiers 

ters,  however. Some  high-end  firms, such  as 
financial  services  organizations,  report 
that  without  a  substantial  number  of 
branch  offices  to  connect  to,  MPLS  doesn’t 
offer  a  price-performance  advantage  over, 
say,  dark  fiber. 

Speaking  of  branch  offices,  I’m  seeing 
roughly  a  10%  annual  increase  in  the  num¬ 
ber  of  branch  offices.  That’s  a  lot.  The  vast 
majority  of  these  newer  branch  offices 
have  broadband  (T1  rates  and  faster)  con¬ 
nections.  That’s  a  sea  change  from  yester¬ 
year,  when  branch  offices  typically  were 
served  by  56K  to  fractional-Tl  connections. 
Once  again,  MPLS-based  services  (which, 
unlike  frame  relay  scale  from  T1  to  OC-X 
speeds),  are  a  perfect  fit. 

Finally  companies  increasingly  are  mov¬ 
ing  to  highly  redundant  Internet  connec¬ 
tions  as  a  way  to  link  their  mobile  users, 
business  partners  and  customers.  More  on 
that  development  in  a  bit. 

The  bottom  line?  The  old-school,  three¬ 
tiered  architecture  is  fading  away,  replaced 
by  a  flat  MPLS  mesh  linking  everything 
from  data  centers  to  branch  offices. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 
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Products  for  Small  and  Medium  Business 


Will  today  be  the  day 
you  lose  data  and  can't 
get  it  back? 


Wipe  out  worry  with 
backup  software  you 
can  trust. 

Save  20% 

MSRP  reduced 
$1 50-S300  on  select 
Retrospect  Editions 


I  eiWc  Retrospect 

|  tor  Windows 


Introducing  EMC4  Retrospect*  Backup  Software 
for  Small  and  Medium  Businesses 


Everybody  knows  that  knot-in-your-stomach  feeling  when  critical  data  disappears.  That's  where  EMC 
Retrospect  7.5  for  Windows  comes  in.  Specifically  designed  for  small  and  medium  businesses, 

EMC  Retrospect  protects  all  of  your  vital  business  information. 

•  Reliably  protect  your  servers,  desktops,  and  notebooks  with  automated,  self-adjusting  operations 

•  Back  up  and  recover  fast  with  the  most  respected  disk-to-disk-to-tape  software  solution  in  the  industry 

•  Maximize  backup  security  with  government-certified  AES  encryption 

Limited-time  manufacturer's  discounts:  Save  $300  off  MSRP  on  Retrospect  Multi  Server 
Edition  (MZ11A0075C)  and  $150  off  MSRP  on  Retrospect  Small  Business  Server  Premium  Edition 
(TZi i A0075C).  Offer  available  through  EMC  Velocity2  SMB  partners. 


To  find  a  partner,  call  800-287-7541  or  send  an  e-mail  to  emcinsignia_sales@EMC.com  today. 
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where  information  lives' 


EMC2.  EMC,  Retrospect,  and  where  information  lives  are  registered  trademarks  of  EMC  Corporation.  All  other  trademarks  are  the  property  of  their  respective  owners.  ©  Copyright  2006 
EMC  Corporation.  All  rights  reserved.  Promotion  is  available  on  Electronic  Software  Distribution  (ESD)  license  skus  only  (Retrospect  Multi  Server  w/  ASM  MZ11A0075C  and  Retrospect  Small 
Business  Server  Premium  w/  ASM  TZ11A0075C}. 
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The  ShAir  AccessG  Pro 
AP/Bridge:  MILAN’S  new 
cost-effective,  enterprise-class 
wireless  access  point. 
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The  MIL-SM240IM  Series  is 
MILAN’S  most  powerful,  flexible 
line  of  Layer  2  management 
switches. 


MILAN’S  MIL-SM80I  series  of 
layer  2  managed  switches 
provides  high  performance  non- 
blocking  switching. 


Don;t  pay  for  unneeded  hassles.  MILAN  puts  simplicity  within 
your  reach,  freeing  you  from  unnecessary  entanglements  to  focus 
on  the  real  work  of  administration. Transition  Networks,  the 
industry  leader  in  product  quality,  availability  and  support,  now 
offers  MILAN  switching  and  wireless  products  to  help  you  simply 
connect  the  devices  you  need  —  priced  and  optimized  for  small- 
to  mid-sized  business.  Why  pay  more  for  simplicity? 
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TECHNOLOGY  UPDATE 


AN  INSIDE  LOOK  AT  TECHNOLOGIES  AND  STANDARDS 

New  approach  to  virtualizing  x86s 


HOW  IT  WORKS:  Native  virtualization 

Native  virtualization  accelerates  virtual  I/O. 


Industry-standard  server 


1/0:  PIC,  APIC 
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Q  The  hypervisor  boots  on  a  processor  with  hardware-assisted  virtualization. 

B  The  virtual  services  partition  boots.  It  is  a  privileged  guest  and  can  access  hardware  directly. 

Q  A  natively  virtualized  guest  boots  and  starts  executing  in  a  virtual  server  container. 

□  Based  on  performance  the  accelerated  I/O  drives  are  dynamically  loaded  and  connected  to  the  virtual 
services  partition. 


BY  CHRIS  BARCLAY 

Server  virtualization  is  an  approach  by 
which  processor  architecture  is  virtualized 
to  allow  multiple  operating  systems  to  run 
in  isolation  on  the  same  hardware.The  soft¬ 
ware  that  provides  this  capability  is  often 
referred  to  as  a  virtual  machine  monitor  or 
hypervisor. 

There’s  a  new  approach  to  virtualizing  the 
x86  processor  architecture  called  native  vir¬ 
tualization.  Native  virtualization  leverages 
new  hardware-assisted  capabilities  avail¬ 
able  in  the  latest  processors  from  Intel  and 
Advanced  Micro  Devices  (AMD)  to  provide 
near-native  performance. 

Prior  to  these  processors,  the  x86  archi¬ 
tecture  did  not  meet  some  fundamental  re¬ 
quirements  for  virtualization,  making  it  diffi¬ 
cult  to  implement  a  VMM  for  this  type  of 
processor. These  requirements  include: 

•  Equivalence:  A  program  running  under 
the  virtual  machine  should  exhibit  a  behav¬ 
ior  essentially  identical  to  the  original  phys¬ 
ical  machine. 

•  Resource  control:  The  virtual  machine 
must  be  in  complete  control  of  the  virtual¬ 
ized  resources. 

•  Efficiency:  The  virtual  machine  should 
not  significantly  degrade  workload  perfor¬ 
mance. 

Historically  virtualization  of  the  x86  archi¬ 
tecture  has  been  accomplished  in  two 
ways:  through  full  virtualization  or  paravir- 
tualization.  Both  create  the  illusion  of  phys¬ 
ical  hardware  to  achieve  the  goal  of  operat¬ 
ing  system  independence  from  the  hard¬ 
ware  but  present  some  trade-offs  in  perfor¬ 
mance  and  complexity 

Paravirtualization,  as  a  technique  for  virtu¬ 


alizing  x86  architecture,  has  primarily  been 
used  for  university  research.  The  research 
projects  employ  this  technique  to  run  mod¬ 
ified  versions  of  operating  systems,  for 
which  source  code  is  readily  available 
(such  as  Linux  and  FreeBSD). Paravirtualiza¬ 
tion  requires  radical  modifications  of  the 
operating  system  and  therefore  cannot  sup¬ 
port  deployed  operating  systems.  As  a  result, 


this  approach  cannot  be  seriously  consid¬ 
ered  within  a  commercial  environment. 

Full  virtualization  is  implemented  in  first- 
generation  VMMs  in  use  today  It  relies  on 
sophisticated,  but  fragile,  software  tech¬ 
niques  to  trap  and  virtualize  the  execution 
of  certain  sensitive,  nonvirtualizable  in¬ 
structions  in  software  via  binary  patching. 
With  these  techniques,  critical  instructions 


are  discovered  at  run-time  and  replaced 
with  a  trap  into  the  VMM  to  be  emulated  in 
software. These  methods  incur  large  perfor¬ 
mance  overhead  as  compared  with  a  virtu¬ 
al  machine  running  on  natively  virtualized 
architectures  such  as  the  IBM  System/370. 
This  becomes  a  major  problem  in  the  area 
of  system  calls,  interrupt  virtualization  and 
frequent  access  to  the  privileged  resources. 
As  a  result,  first-generation  VMMs  have  been 
relegated  to  applications  that  are  not  mis¬ 
sion  critical  and  do  not  tax  performance. 

Recently  Intel  and  AMD  released  proces¬ 
sors  with  hardware-assisted  virtualization 
support  built  in.  With  these  new  processor 
capabilities,  the  x86  architecture  now  meets 
the  virtualization  requirements  stated 
above,  making  native  virtualization  a  reality 

With  native  virtualization  the  VMM  simu¬ 
lates  the  complete  hardware,  allowing  an 
unmodified  operating  system  for  the  same 
type  of  CPU  to  execute  within  the  virtual 
machine  container.  With  native  virtualiza¬ 
tion,  the  VMM  can  efficiently  virtualize  the 
x86  instruction  set  by  handling  the  sensi¬ 
tive,  nonvirtualizable  instructions  using  a 
classic  trap-and-emulate  model  in  hard¬ 
ware  vs.  software.  It  also  uses  performance 
analysis  to  selectively  employ  acceleration 
techniques  for  memory  and  I/O  operations. 

Native  virtualization  offers  considerable 
benefit  to  users  in  performance  and  ease  of 
implementation.  It’s  worthy  of  considera¬ 
tion  for  those  planning  their  next  steps  in 
server  virtualization. 

Barclay  is  the  director  of  product  manage¬ 
ment  at  Virtual  Iron  Software.  He  can  be 
reached  at  cbarclay@oirtualiron.com. 


Ask  Dn  Internet  By  Steve  Blass 


Can  you  tell  me  if  my  older  Web  application 
pages  will  work  with  Internet  Explorer  Version 
7,  coming  soon  from  Microsoft? 

Microsoft  has  tentatively  scheduled  Internet  Explorer 
7  for  release  to  the  automatic  update  systems  at  the 
beginning  of  November.  You  can  download  the  release 
candidate  today  (www.Microsoft.com/ie).  Test  your 
important  Web  pages  and  applications  if  you  haven’t 
started  that  process  already.  There  are  some  notice¬ 
able  differences  in  how  Cascading  Style  Sheets,  back¬ 


ground  images  in  tables  and  some  dynamic  content  are 
handled.  You  will  be  asked  to  customize  security  set¬ 
tings  when  you  first  start  Version  7.  The  new  version 
supports  tabbed  browsing,  and  seems  to  load  pages 
much  quicker.  I  was  pleasantly  surprised  at  how  fast 
one  of  our  older  Java  applet  pages  loaded,  and  it  works 
just  the  way  it  should  in  Version  7. 

The  browser  will  be  offered  as  a  high-priority  update 
when  it  is  deployed  to  Windows  Update  but  will  not 
automatically  install  itself.  A  local  admin  will  have  to 
accept  the  option  to  install  the  new  version.  Sites  using 


Software  Update  Services,  Windows  Server  Update 
Services  or  System  Management  Server  will  have  com¬ 
plete  control  over  Version  7  deployment  —  you  can  also 
use  the  Version  7  Blocker  Kit  (www.nwdocfinder.com/ 
JDJD)  to  remove  it  from  the  high-priority  update  list.  It 
will  still  be  listed  as  an  optional  update  and  can  still  be 
manually  installed. 

Blass  is  an  IT  manager  in  Phoenix,  and  can  be  reached 
at  dr.internet@jschnee.com. 


m 
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More  Web  OSs  and  one  in  particular 


GEARHEAD 


Last  week  (www.nwdocfinder.com 
/5739)  we  started  to  discuss  Web 
operating  systems  (otherwise  called 
Webtops).To  briefly  recap,  these  sys¬ 
tems  emulate  a  Windows  multiappli¬ 
cation  operating-system  environ- 
ment  using  AJAX  or  flash  applica- 
IlNolDL  1  tions  executing  in  a  Web  browser, 
NETWORK  sometimes  with  additional  back-end 
MACHINE  processing  handled  by  a  remote 
server. 

Mark  Gibbs  Web  operating  systems  provide  an 
infrastructure  for  managing  Web 
applications,  their  active  data  and  configurations,  and  their 
interaction  with  each  other. 

Webtops  can  run  on  any  modern  browser  on  any  operat¬ 
ing  system,  and  because  the  user  configuration  is  stored  on 
a  remote  server,  the  Web  operating  system  should  run  from 
anywhere. 

We  must  mention  that  Web  operating  systems  have  noth¬ 
ing  to  do  with  WebOS.a  research  project  started  in  1996  at 
University  of  California,  Berkeley  That  project  is  described 
as:“WebOS  provides  basic  operating  systems  services  need¬ 
ed  to  build  applications  that  are  geographically  distributed, 
highly  available,  incrementally  scalable  and  dynamically 
reconfiguring.” 

WebOS  paved  the  way  for  projects  such  as  Legion 
(www.nwdocfinder.com/5741),  “an  object-based  metasys¬ 
tems  software  project  at  the  University  of  Virginia  ...  de¬ 


signed  for  a  system  of  millions  of  hosts  and  trillions  of 
objects  tied  together  with  high-speed  links.” 

The  Legion  project  was  the  foundation  of  the  Centurion 
test  bed  (www.nwdocfinder.com/5742),  which,  according 
to  its  home  page,  can  deliver  more  than  240GFlops  using 
384  processors  (that’s  0.625GFlops  per  processor). 

Centurion  has  produced  remarkable  performance,  such 
as  3.7GFlops  using  49  nodes, or  0.0755GFlops  per  processor 

You  can,  if  you  like,  build 
your  own  Webtop. 

(www.nwdocfinder.com/5743). With  an  equipment  cost  of 
just  $20,000,  that  equates  to  just  $5,405  per  GFlop. 

Now  we  need  to  stop  digressing. 

An  example  of  a  current  and  useable  Web  operating  sys¬ 
tem  is  the  subject  of  the  800th  issue  of  the  “Network  World 
on  Web  Applications”  newsletter  (www.nwdocfinder.com 
/5744).The  issue  contains  a  review  of  an  interesting  open 
source  Web  operating  system  project  called  eyeOS,  which 
has  a  back-end  written  in  PHP  that  creates  a  client-side 
Webtop  and  applications  using  AJAX. 

You  can,  if  you  like,  build  your  own  Webtop. The  founda¬ 
tion  of  a  Webtop  system  requires  a  manager  to  create  and 
manage  windows  in  a  browser  display  Over  the  past  few 
months  a  number  of  excellent  products  have  appeared, 
and  one  that  impressed  us  was  Winlike  from  Ceiton  tech¬ 
nologies  (www.winlike.net). 


Winlike  is  a  purely  dynamic  HTML-based  system  and 
remarkably  only  27KB  in  size.  It  works  with  Microsoft 
Internet  Explorer  5.5  or  higher,  Netscape  Navigator  6.1  or 
higher  and  the  Mozilla  family  of  browsers  (Mozilla  0.92, 
Firebird  0.7,Galeon,Avant,etc.)  without  plug-ins. 

At  the  heart  of  Winlike  is  the  Window-Manager,  which 
manages  the  set  of  overlapping  windows  you  want  to 
use.  The  Window-Manager  provides  functions  for  creat¬ 
ing,  closing,  moving  and  minimizing  windows,  and  han¬ 
dles  all  the  rendering  issues  of  supporting  overlapping 
windows. 

Winlike  includes  an  editor  for  configuring  Winlike  win¬ 
dows  that  generates  the  code  to  include  in  your  Web 
pages.lt  includes  an  API  so  you  can  create  anything  from 
a  simple  multiple-window  display  to  a  complex,  dynamic 
environment  for  dashboards. 

We  tried  building  a  Winlike  system  with  flash  content 
generated  by  Crystal  Excelsius  (www.xcelsius.com),  and 
it  was  ridiculously  easy!  Oh,  the  Web  Applications  newslet¬ 
ter  also  covered  Xcelsius  —  (www.nwdocfinder.com 
/5745). 

Winlike  is  free  for  noncommercial  use  and  for  develop¬ 
ment  purposes.  For  a  commercial  Web  site  or  Web  applica¬ 
tion,  a  single  server  license  is  $80.  Volume  server  licenses 
are  also  available. 

Next  week  we  have  a  two  interesting  commercial  Web 
operating  systems  for  your  delectation.  Until  then,  digress  to 
gearhead@gibbs.com  or  on  Gibbsblog. 


CoolTools 


Quick  takes  on  high-tech  toys.  Keith  Shaw 


Are  branded  gadgets  the  new  geek  status  symbol? 

I’m  having  a  hard  time  understanding  the  appeal  of  designer  gad¬ 
gets  —  have  they  become  the  new  status  symbol  for  the  wealthy 
geek,  or  am  1  just  too  interested  in  tech  features, speeds  and  feeds  to  give  two  hoots 
about  what  the  device  looks  like  or  other  special  branding  the  device  may  have? 

Two  recent  product  announcements  make  me  wonder.  First,  T-Mobile  USA  has 
partnered  with  fashion  designer  Diane  von  Furstenburg  and  street-wear  maker 
Lifted  Research  Group  (L-R-G)  to  make  a  couple  of  limited-edition  T-Mobile  Sidekick 
wireless  email  devices.  The  devices  have  the  same  features  as  the  Sidekick  3  and 
will  be  available  in  limited  quantities  at  select  T-Mobile  retail  stores  starting  Oct.  30. 

T-Mobile  says  the  Diane  von  Furstenburg  version  of  the  Sidekick  will  be  “dressed 
in  sleek  black  and  feature  Diane’s  signature  hot-pink  lips.”  The  L-R-G  version  is 

designed  with  “traditional  baby  tree  camou¬ 
flage  and  customized  with  L-R-G’s  iconic 
imagery/’ 

Technical  features  on  the  device  include  a 
cell  phone,  support  for  three  instant-messag¬ 
ing  clients,  personal  e-mail  and  a  Web 
browser.  The  devices  support  T- 
Mobile’s  Edge  wireless  network,  and 
have  a  1. 3-megapixel  digital  camera, 
MP3  player,  Bluetooth  wireless  and  a 
trackball  for  easier  navigation. 

Acer  America  announced  North 
American  availability  of  its  Ferrari  1000 
and  5000  notebooks,  which  bring  the 
latest  performance  features  with  the 


Acer  America's  Ferrari  5000  seems  to  scream 
performance. 


Do  people  really  want  a  fashionable 
T-Mobile  Sidekick? 


Ferrari  brand  of  Formula  One  racing.  The  Ferrari  1000 
notebook  has  the  latest  AMD  Turion  64  X2  processors,  a 
12.1-inch  CrystalBrite  widescreen  display  (with  ATI 
Radeon  Xpress  1 150  graphics  chip  set  with  512MB 
of  memory),  integrated  draft  802.1  In  wire¬ 
less  technology  and  Bluetooth  2.0  con¬ 
nectivity  The  1000  ($2,000)  includes 
Acer’s  OrbiCam,  a  1.3-megapixel  Web 
camera  positioned  on  the  top  of  the 
LCD  panel. 

The  Ferrari  5000  ($2,300)  has  a 
15.4-inch  screen,  802.1  la/b/g  wire¬ 
less,  Bluetooth  2.0,  Gigabit  Ethernet 
port  and  a  160GB  hard  drive.lt  comes  with  an  Acer  Bluetooth  VoIP  phone,  OrbiCam 
Web  camera  and  videoconferencing  software. 

One  thing  I  could  get  behind  is  device  branding  that  supports  a  charitable  cause. 
In  conjunction  with  Red  (created  by  U2  lead  singer  Bono  and  Bobby  Shriver), 
which  gets  companies  to  create  branded  products  to  help  in  the  fight  against  AIDS 
in  Africa,  Apple  and  Motorola  have  announced  Red  editions  of  their  devices.  The 
iPod  nano  Red  Special  Edition  ($199, 4GB)  comes  in  a  red  aluminum  enclosure, and 
$10  from  each  sale  goes  to  the  Global  Fund  to  help  fight  HIV/AIDS  in  Africa,  Apple 
says.The  company  will  also  offer  a  $25  iTunes  Red  gift  card  next  month. 

Motorola  and  Sprint  have  also  joined  the  cause,  announcing  the  Red  MotoRazr 
V3m  cell  phone.lt  includes  access  to  Sprint  TVSprint  Movies,  NFL  Mobile  and  Sprint 
Music  Store, and  has  a  1.3-megapixel  digital  camera,  GPS  support,  MicroSD  memory 
card  slot,  speaker  phone  and  Bluetooth  wireless.  The  Red  version  of  the  MotoRazr 
will  cost  $305,  or  $65  with  a  two-year  agreement  and  rebates.  Motorola  and  Sprint 
say  they  will  contribute  directly  to  the  Global  Fund  with  each  Red  MotoRazr  sold. 

Shaw  can  be  reached  at  kshaw@nww.com.  New  Cool  Tools  video  every  Thursday, 
and  Twisted  Pair  podcast  every  Friday  at  www.networkworld.com. 
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E-MAIL  NEWSLETTER  SHOWCASE: 

WIRELESS  IN  THE  ENTERPRISE 

The  ‘gotcha’  in 
automating  rogue 
containment 


In  Their 

WORDS 

Vendor  Solutions  for  Your  IT  Challenges 


BY  JOANIE  WEXLER 

For  optimum  security  and  scalability,  it’s  desirable  to 
automate  the  process  of  disabling  rogue  Wi-Fi  devices 
discovered  by  your  wireless  intrusion  detection/pre¬ 
vention  system.  However, you  also  must  avoid  unlawful 
disruption  of  other  operators’ Wi-Fi  networks.  Striking  a 
balance  can  be  tricky,  particularly  in  multi-tenant 
office  buildings  and  other  crowded  environments. 

For  example,  many  WIDPs  have  the  ability  to  identify 
what  your  corporate  policy  deems  a  rogue  and  automati¬ 
cally  disable  it.  However,  depending  on  how  smart  your 
WIDP  is,  entirely  automating  this  process  could  shut  down 
a  legitimate  access  point  in  a  neighboring  network. 

Because  Wi-Fi  runs  in  unlicensed  spectra,  with  equal 
access  afforded  to  all  network  operators,  the  FCC  says 
you  could  be  legally  responsible  if  you  knowingly  in¬ 
fringe  on  someone  else’s  network.  So  how  your  com¬ 
pany  defines  a  rogue  is  important.  Are  all  unauthorized 
access  points  rogues,  for  example?  Or  should  the  defi¬ 
nition  be  reserved  for  unauthorized  access  points  that 
are  plugged  into  an  Ethernet  port  in  your  wired  net¬ 
work?  Some  WIDPs  can  tell  if  the  access  point  is  con¬ 
nected;  others  can’t. 

The  University  of  Portland  learned  this  when  it  built 
its  first  official  campuswide  wireless  LAN  (WLAN)  last 
year.  It  operates  two  Cisco  4400  WLAN  controllers  and 
about  85  Cisco  lightweight  access  points.  The  school 
uses  the  Cisco  centralized  Wireless  Control  System 
(WCS)  for  intrusion  prevention  and  other  radio  fre¬ 
quency  capabilities. 

Initially  the  system  was  configured  to  automatically 
disassociate  access  points  that  the  WCS  identified  as 
rogue,  says  Bryon  Fessler,the  university’s  vice  president 
for  information  services  and  CIO. 

However,  the  WCS  system  classifies  any  unauthorized 
access  point  as  rogue,  regardless  of  whether  it  is  con¬ 
nected  to  the  wired  network.  So  nearby  business  and 
residential  access  points  were  at  risk  for  getting  shut 
down  by  the  school’s  WCS. 

As  a  result,  Fessler  says,  Cisco  changed  the  WCS 
design  such  that  a  warning  appears  on  the  WCS  man¬ 
agement  screen  and  asks  the  administrator  whether  to 
proceed  with  the  disablement.  Alerts  like  these  in  the 
WCS  and  other  WIDP  systems  helps  to  keep  us  from 
intruding  on  other  networks. 

On  the  other  hand,  having  to  “yay”  or  “nay”  the  disable¬ 
ment  decision  with  the  discovery  of  every  unauthorized 
device  makes  the  process  much  more  manual,  Fessler  says. 
‘And  on  a  campus, 
we  deal  with  lots  and 
lots  of  rogues,”  he 
says. 

Wexler  is  an  inde¬ 
pendent  networking 
technology 
writer/editor.  She  can 
be  reached  at 
joanie@jwexler.com. 
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COMPANY:  Netcordia 


COMPANY:  The  Siemon  Company™ 


OVERVIEW:  Founded  in  2000,  Netcordia  develops 
NetMRI,  an  automated  Best  Practices  based  network 
management  appliance.  NetMRI  is  the  most  comprehen¬ 
sive,  fully  integrated  network  diagnostic  tool  for  enter¬ 
prise  and  government  networks. This  plug  and  play  unit 
allows  a  network  engineer  to  easily  and  quickly  identify 
issues  with  respect  to  VoIP,  configuration  compliance, 
VLAN,  and  IP  within  the  network. 

CHALLENGE:  As  technology  is  becoming  an  integral 
part  of  everyday  business,  enterprises  are  placing  more 
rigorous  demands  on  their  networks,  expecting  high 
reliability,  rapid  response  time,  consistency  and  compli¬ 
ance.  These  demands  have  network  engineers  searching 
for  a  way  to  proactively  and  cost-effectively  manage  the 
network  infrastructure  without  utilizing  too  much  staff 
time  and  energy. 

SOLUTION:  Netcordia  provides  the  solution  with 
NetMRI,  an  award-winning  network  analysis  appliance 
that  goes  beyond  reporting  to  provide  analysis  based 
upon  expert  rules  and  best  practices.  With  NetMRI,  net¬ 
work  managers  can  optimize  their  networks,  pinpointing 
and  solving  present  and  potential  hot  spots.  What  may 
have  previously  taken  numerous  IT  professionals  hun¬ 
dreds  of  hours  to  uncover,  a  single  NetMRI  unit  now  easily 
finds  in  minutes. 

Monitoring  and  network  management  tools  typically 
capture  statistics  from  interfaces,  links  and  protocols, 
draw  maps  and  graphs  and  send  real  time  alerts  about 
fault  conditions.  NetMRI  correlates  the  statistics  and 
applies  rules  of  logic  for  troubleshooting  in  a  useful 
browser-based  view  or  report.  NetMRI  takes  the  next  step 
with  its  configuration  capabilities  that  allow  customers  to 
automatically  fix  problems,  and  create  their  own  custom 
best  practices.  NetMRI  establishes  accuracy,  integrity  and 
reliability  in  significantly  less  time  than  legacy  offerings. 


OVERVIEW:  Established  in  1903,  Siemon™  special¬ 
izes  in  the  manufacture  and  innovation  of  high- 
performance  network  cabling  solutions.  One  of  only 
three  network  cabling  companies  with  true  global 
capabilities,  Siemon  offers  the  most  comprehensive 
suite  of  copper  and  fiber  cabling  systems  available. 

With  over  400  active  patents  specific  to  structured 
cabling,  Siemon  Labs™  invests  heavily  in  R&D  and 
industry  standards,  underlining  the  company's  long¬ 
term  commitment  to  its  customers  and  the  industry. 

CHALLENGE:  According  to  the  London  Metal 
Exchange,  the  price  of  copper  has  tripled  in  the  past 
four  years,  rising  over  59%  between  January  and  May 
of  2006  alone.  With  copper  prices  soaring  globally  and 
showing  little  signs  of  stabilizing,  network  cabling  com¬ 
panies  have  been  forced  to  adjust  copper  cable  pricing 
accordingly. 

SOLUTION:  Through  the  standards-accepted  practice 
of  cable  sharing,  Siemon's  fully-shielded  category  7/class 
FTERA®  cabling  system  allows  up  to  4  applications  to 
run  over  a  single  cable,  potentially  reducing  the  num¬ 
ber  of  copper  cabling  channels.  By  virtue  of  individually 
foil-wrapped  pairs  and  overall  screen,  S/FTP  cable  allows 
multiple  applications  to  run  without  internal  interference. 

S/FTP  cable  construction  is  further  supported  by  the 
TERA  4-quandrant  isolated  outlet  which  can  be  easily 
terminated  in  less  than  3  minutes.  Fitting  within  a  stan¬ 
dard  RJ  footprint,  the  combination  of  the  TERA  outlet 
and  TERA  to  RJ  patch  cords  allows  simple  facilitation  of 
cable  sharing.  As  with  traditional  cabling  channels,  all 
four  pairs  of  each  cable  are  terminated  in  a  single  outlet. 
However,  unlike  an  RJ  interface,  the  TERA  outlet  can 
support  up  to  4  one-pair  cords,  2  two-pair  cords  or  a 
combination  of  the  two,  without  the  need  for  additional 
splitters  or  adapters. 


•  DiagnosticBase™  best  practices  built  in 

•  Automatically  discovers  entire  infrastructure, 
analyzes  it,  and  makes  suggestions 

•  Easy  to  understand,  self  running 

•  Low  total  cost  of  ownership 

Netcordia 

NetMRI” 

410-266-6161 

www.netcordia.com 


Depending  on  the  applications,  a  single  TERA  cable  can 
replace  up  to  4  copper  channels.  With  copper  prices 
significantly  raising  the  cost  of  cable,  this  reduction  in 
total  cable  runs  can  provide  an  immediate  cost  benefit. 

Siemon's  in-depth  whitepaper  detailing  the  practice  of 
cable  sharing  is  available  online  at  www.siemon.com 
or  at  www.networkworld.com 


S  I  E  Ml  O  IVi 


800-945-4200 

www.siemon.com 
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The  benefits  of 
thin  clients 


What  do  you  do  when  two-thirds  of  your  company’s 
employees  work  in  remote  locations  that  don’t  have 
IT  support? 

Bring  all  the  complex  stuff  back  into  the  data  center  where 
you  can  control  it,  says  Jack  Wilson,  enterprise  architect  at 
Amerisure.a  property  and  casualty  mutual  insurance  com¬ 
pany  in  Farmington  Hills,  Mich. 

Even  the  desktops.  None  of  the  PCs  used  by  Amerisure’s 
800  employees  were  managed  or  locked  down  when  Wilson 
was  hired  two  years  ago,  making  those  resources  hard  to 
manage.  Compounding  the  problem:  450  of  the  company’s 
workers  are  in  eight  remote  locations. 

Users  could  load  anything  they  wanted,  which,  combined 
with  the  usual  mix  of  disk  and  power  failures,  added  up  to  a 
constant  headache,  Wilson  says.  Worse  still,  the  company  had 
to  rely  on  third-party  support, so  it  would  take  anywhere  from 
two  hours  to  a  full  day  to  resolve  outages. 

To  reclaim  control  Wilson  installed  Wyse  thin  clients  on 
remote  desktops,  a  Dell  blade  server  at  headquarters  and 
Citrix  software  to  bridge  the  two. 

The  thin  clients,  which  don’t  have  disks,  run  a  stripped- 
down  version  of  Linux  that  allows  network  connections  and 
supports  a  browser.  Each  blade  can  support  45  to  60  ses¬ 
sions,  everything  from  Outlook  and  Word  to  3270  emulation. 
“We  publish  a  desktop  that  looks  like  a  PC,”Wilson  says.’All 
the  user’s  apps  are  available.” 

The  benefits  so  far: 

•  The  company  can  update  all  software  at  once. 

•  Users  can’t  load  software,  so  the  company  is  left  with  a 
standard  set  of  tools  that  are  easier  to  maintain  and  the  envi¬ 
ronment  has  become  more  stable. 

•  Help  desk  calls  are  down  35%  to  40%. 

•  Some  applications  run  faster  now  because  the  architec¬ 
ture  eliminated  some  database  activity  across  the  WAN. 

•  Amerisure  can  step  off  the  PC-upgrade  treadmill. “The 
thin  client  costs  $230,  and  when  you  add  the  cost  of  Citrix 
and  the  blade  servers,  you  get  up  to  just  less  than  the  cost  to 
upgrade  a  PC,”Wi!son  says.“But  you  have  to  upgrade  PCs 
every  three  years,  which  cost  us  just  about  $1  million.  We’ll  go 
one  or  two  refresh  cycles  without  having  to  do  anything.” 

•  Business  continuity  planning  is  easier  because  the  com¬ 
pany  no  longer  has  to  maintain  spare  PCs  with  the  latest 
image  in  case  a  location  is  rendered  uninhabitable.“Now  we 
just  need  to  send  out  thin  clients  and  people  can  get  back  to 
work  anywhere  there  is  Internet  connectivity;’ he  says. 

The  remote  locations  have  been  upgraded  with  nary  a 
whimper,  Wilson  says,  maybe  because  users’ old  17-inch  CRTs 
were  replaced  with  19-inch  flat  screens.  Headquarters  is  next. 

—  John  Dix 
Editor  in  chief 
jdix@nwu>.com 


You  get  what  you  pay  for 

Regarding“Help  wanted”  (www.nwdocfinder.com/ 
5726):  I’m  a  senior  systems  administrator  with  a  pro¬ 
gramming  and  infrastructure  background  (main¬ 
frame,  midrange  and  PC).  I  have  several  certifica¬ 
tions,  am  president  of  a  peer-to-peer  IT  group  and  sit 
on  the  board  of  a  technology  council.  I  just  do  not 
see  the  jobs  that  these  CIOs  are  saying  they  have.The 
job  openings  I  have  seen  —  well,  the  companies  do 
not  want  to  pay. They  want  the  talent,  and  they  want 
it  cheap.  I’ve  witnessed  the  outsourcing  of  work  and 
positions  to  overseas  companies  and  seen  the  fail¬ 
ures  that  result.  These  CIOs  should  advertise  their 
positions,  be  willing  to  pay  and  trust  that  a  qualified 
American  technology  professional  will  adjust  to  the 
position  and  produce.  I  understand  the  current 
trend  is  to  produce  something  to  the  business  units 
every  three  months,  but  I  don’t  see  that  happening 
with  Hl-B  Visa  candidates. There  is  a  definite  differ¬ 
ence  in  the  business  philosophy  overseas  and  in  the 
United  States.  If  these  CIOs  want  to  deliver  service  to 
their  business  units,  they  need  to  offer  some  decent 
salaries  and  be  willing  to  let  the  highly  skilled 
American  technologist  take  the  job. 

A  great  example  is  the  so-called  shortage  of  main¬ 
frame  systems  programmers.  One  would  think  the 
salaries  would  be  skyrocketing.  But  I  see  the  posi¬ 
tions  going  unfilled,  waiting  to  be  outsourced  (or  to 
go  to  a  Hl-B  Visa  holder)  in  lieu  of  paying  an 
American  a  higher  wage  to  learn  on  the  job  or  use 
skills  that  he  has  for  that  job. 

David  DeWall 
Senior  systems  administrator 
Erie  Indemnity  Co. 

Erie,  Pa. 

Every  time  I  read  an  article  about  the  shortage  of 
skilled  IT  workers  in  which  companies  claim  they 


can’t  find  IT  employees  with  business  skills,  I  want  to 
scream.  I  hold  a  degree  in  business  and  a  master’s 
degree  in  management.  I  was  a  successful  entrepre¬ 
neur  before  entering  IT.  I’ve  been  in  IT  for  almost 
nine  years  and  have  enough  IT  certifications  to 
cover  a  large  wall,  including  a  Certified  Information 
Systems  Security  Professional  (CISSP).Yet  compa¬ 
nies  and  recruiters  want  to  know  only  about  my 
technical  skills. 

Shortly  after  earning  my  CISSP  I  met  with  a 
recruiter  for  a  prestigious  IT  recruiting  firm  in 
Atlanta.  After  looking  at  my  resume,  the  recruiter 
commented  that  he  had  never  seen  anyone  with 
both  IT  and  business  backgrounds.  After  concentrat¬ 
ing  entirely  on  my  technical  skills  during  the  meet¬ 
ing,  he  said,  “I  have  no  idea  how  to  market  you.”  I 
have  not  heard  from  him  or  his  firm  since. 

Jon  Banks 
Powder  Springs,  Ga. 

I’m  pleased  to  see  that  a  representative  of  the 
Society  for  Information  Management  (SIM)  recom¬ 
mends  hiring  entry-level  IT  people.  I  just  read  a  SIM- 
sponsored  research  report  that  says  many  compa¬ 
nies  eschew  entry-level  people  because  they  offer 
only  skills  that  are  easily  obtained  from  outsourcers. 
For  example,  why  do  you  need  an  in-house  help 
desk?  Pay  for  that  service  from  someone  else.  The 
problem  is,  this  removes  an  opportunity  to  bring  in 
new  people  who  need  to  learn  your  business  from 
the  bottom  up.  Without  them,  five  years  from  now 
you  will  not  have  the  seasoned  worker  you  need. 

Linda  Musthaler 
Principal  analyst 
Essential  Solutions 
Houston 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief.  Network  World,  1 18  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 
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USER  VIEW 
Chuck  Yoke 


Engineering,  finance  are  no  longer  separate 


During  the  22  years  I’ve  been  in  technology  I 
have  worked  with  and  managed  some  of 
the  most  intelligent  and  technically  astute 
network  engineers  and  architects.  Their  knowl¬ 
edge  of  network  engineering  and  data  communi¬ 
cations  far  exceeded  anything  I  ever  knew.  While 
I  needed  a  subnet  calculator,  Cisco  cheat  sheets 
and  Newton’s  Telecom  Dictionary  to  design  net¬ 
works,  these  engineers  casually  discussed  class¬ 
less  interdomain  routing  blocks,  Open  Shortest 
Path  First  route  summarizations,  and  Border 
Gateway  Protocol  confederations.  As  I  was  skim¬ 
ming  the  daily  comics  over  morning  coffee,  they 
were  reading  Radia  Perlman’s  Interconnections : 
Bridges  and  Routers  and  arguing  the  intricacies  of 
Spanning  Tree  Algorithms. 

Yet  for  all  their  knowledge,  many  of  these  peo¬ 
ple  could  not  accurately  calculate  equipment 
costs,  implementation  costs  and  total  cost  sav¬ 
ings.  A  proposal  for  $250,000  in  equipment  that 
would  generate  $1  million  in  annual  savings 
would  ultimately  cost  $500,000  in  equipment, 
implementation  and  migration  costs  with  no 
cost  savings  in  the  first  year,  partial  savings  in  the 
second  and  $1  million  annual  savings  achieved 
only  in  the  third.  But  by  then,  the  equipment  was 
outdated,  and  they  needed  another  $250,000  — 


or  $500,000  —  to  maintain  the  savings. 

This  was  acceptable  during  the  late  1990s,  when 
technology  was  a  business  requirement  and  cost 
justification  was  a  minor  concern.  The  ability  to 
do  something  faster  was  often  justification  in 
itself, and  new  equipment  every  two  to  three  years 
was  just  a  cost  of  doing  business. 

This  changed  when  the  Internet  bubble  burst  in 
2001.  Technology  went  from  a  strategic  require¬ 
ment  to  an  operational  cost  item  in  the  budget. 

If  you’re  an  engineer,  don’t 
tell  me  you  don’t 
understand  finance. 

Most  companies  now  require  a  real  return  on 
their  technology  investments.  As  a  result,  engi¬ 
neers  need  to  be  able  to  quantify  the  savings  that 
new  technology  will  generate.  More  important, 
they  must  accurately  state  when  these  savings  will 
be  realized.  From  a  cash-flow  basis,  a  $500,000 
investment  that  generates  a  $1  million  savings  in 
the  first  year  is  very  different  from  a  $500,000 
investment  that  generates  no  savings  in  that  year 
and  $2  million  savings  in  the  next. 

If  engineers  want  to  be  valued  resources  in 


today’s  business  world,  they  need  to  understand 
financial  concepts  such  as  cost  savings,  cost 
avoidance  and  cash  flow.  They  also  need  to  be 
able  to  quantify  the  implementation  costs  that 
can  affect  savings.  Items  such  as  circuit  overlap 
costs,  installation  charges,  contractor  costs,  soft¬ 
ware  licenses  and  maintenance  fees  need  to  be 
factored  into  the  overall  financial  justification. 

Finance  departments  can  calculate  equipment 
depreciation  but  are  not  always  aware  of  the  costs 
required  to  implement  networks.  Engineers  know 
what  is  involved,  and  need  to  be  able  to  quantify 
these  costs  and  their  impact  on  the  savings  time¬ 
line.  And  when  issues  arise  that  can  increase 
these  costs,  engineers  need  to  take  the  lead  in 
resolving  the  problems  and  controlling  the  costs. 

If  you’re  an  engineer,  don’t  tell  me  you  don’t 
understand  financed  was  reading  “Peanuts”  while 
you  were  reading  about  Ethernet’s  stochastic  col¬ 
lision  recovery  I  was  struggling  to  understand 
basic  IP  class  addressing  while  you  were  dis¬ 
cussing  variable-bit  subnet  masks.  If  I  can  under¬ 
stand  circuit  overlap  costs, you  can,  too. 

Yoke  is  director  of  strategy  and  architecture  for  a 
global  travel  and  real  estate  corporation.  He  can  be 
reached  at  ckyoke@yahoo.com. 


ON  SECURITY 
Winn  Schwartau 


On  the  road  to  operating  system  glasnost 


What  if  they  wrote  an  operating  system  and 
nobody  logged  on?  In  May  2005, 1  wrote  a 
column  called  “Mad  as  hell,  switching  to 
Mac”  (www.nwdocfinder.com/5272). A  lot  of  folks 
got  mad  as  hell  at  me,  but  not  nearly  as  many  as 
those  who  began  migrating  to  the  SOW  — 
Something  Other  than  Windows  —  operating  sys¬ 
tem.  My  reasons  for  migrating  my  company  (and 
friends,  and  clients)  to  OS  X  were  based  on  secu¬ 
rity  issues,  from  malware  to  availability 
Then  along  came  Core  Duo.  Even  Walter  Moss- 
berg,  The  Wall  Street  Journafs  geek  curmudgeon, 
called  the  first  generation  of  Apple-Intel  gear  the 
finest-engineered  computer  in  the  history  of  the 
universe  (slight  literary  license). OS  X  was  already 
considered  a  rock-solid  platform,  but  with  the 
migration  to  an  Intel  platform,  suddenly  the  Mac 
was  no  longer  just  a  Mac;  it  had  entered  main¬ 
stream  consciousness. 

Now  along  comes  Vista.The  bad  news  is  that  to 
take  advantage  ofVista’s  aero  look/feel  and  other 
enhancements,  some  serious  hardware  is  re¬ 
quired.  That’s  money  The  bad  news  is  that  the 
reviews  seem  to  agree:  Vista  is  a  nice,  pleasant  XP 
makeover,  but  is  it  worth  the  new  software  and 
licensing  fees?  That’s  money. The  bad  news  is  that 
Microsoft  is  trying  to  implement  its  own  security 
The  European  Union  and  top  security  firms  are 
furious  about  the  kernel  lockout,  thus  allegedly 
keeping  many  third-party  developers  from  offer¬ 
ing  Vista  security  products.  The  bad  news  is  “who 
wants  to  migrate  an  enterprise  to  Version  1 .0”  of 
anything  that  can  affect  negatively  operations  and 
security  because  of  unknown  glitches  we  expect 
in  first  releases.The  bad  news  is  that  Vista  and  the 


new  Office  are  so  different  as  to  require  addi¬ 
tional  employee  training.That’s  money 
In  addition,  along  comes  virtualization. 
Virtualization  software  for  running  Windows  on 
Linux  and  Macs  from  start-up  Parallels  is  yet 
another  major  step  toward  complete  operating 
system  glasnost:  the  total  openness  of  choice  of 
operating  system  on  single  hardware  platforms 
based  on  applications  and  operational  needs 
rather  than  contrived  functional  availability 
Virtualization  is  perhaps  the  single  greatest  secu¬ 
rity  tool  of  the  third  millennium.  Consider  this: 
Assuming  you  can  budget  new  hardware  for  a 
pilot  rollout,  get  Macs.  Kill  the  old  PCs  (tax  bene- 

What  if  they  wrote  an 
operating  system  and 
nobody  logged  on? 

fits?)  and  use  the  XP  licenses  on  new  partitions. 
Just  for  giggles  (but  not  necessary), install  Linspire 
Five-0.  Cost:  about  the  same  as  or  less  than  a  Vista- 
ready  WinTel  PC, and  you  get  three  distinct  operat¬ 
ing  environments, each  with  its  own  pros  and  cons 
—  such  as  security  Then,  make  four  rules: 

•  Never  touch  the  Internet  with  the  Windows 
side  of  your  Mac/Intel/Win/Linux/PC.  You  will 
achieve  pretty  decent  Internet  security  from  the 
Unix-based  Mac/Linux  side.  A  well-configured 
Google  and  open  source  desktop  makes  a  fine 
additional  layer  of  defense  to  Internet  application 
server  protection. 

•  Use  only  Mac  Office  or  OpenOffice.  Viruses 
and  worms  cannot  (yet)  migrate  in  OS  X  and 


Linux.  Use  that  as  a  free  security  advantage.  Are 
the  apps  100%  compatible?  For  superadvanced 
application  use,  this  might  not  work.  But  it  all  is 
getting  better. 

•  Use  only  browsers  in  the  OS  X  and  Linux  par¬ 
tition.  We  generally  don’t  care  if  home  users  who 
access  our  applications  are  PC,  Mac  or  Linux.  We 
shouldn’t  internally,  either. 

•  Use  only  the  PC/XP  partition  for  those  appli¬ 
cations  that  absolutely  must  be  Windows  based. 

What  will  you  achieve?  Operating  system  glas¬ 
nost  —  the  opening  of  the  desktop  to  operate  in 
any  domain,  with  increased  security  letting  man¬ 
agement  have  a  wider  range  of  application 
options.  A  platform  you  can  tailor  to  your  applica¬ 
tion  needs  across  three  environments,  putting  the 
choice  back  into  the  hands  of  management.  (You 
will  find  that  in  many  cases  only  one  robust  envi¬ 
ronment  is  needed,  but  it’s  nice  to  know  you  can 
do  anything  you  want.)  Cost  reductions  in  security 
licensing  and  security  application  compatibility 
Less  reliance  on  the  user  to  do  things  right.  By 
removing  the  fertile  agar  environment  of  WinTel  for 
all  applications, the  security  risks  will  go  way  down. 

Is  this  perfect?  No.  Is  it  a  tradeoff?  Sure.  Is  it 
doable?  Yes.  If  you’re  looking  for  the  Vista/OS  X 
appearance  (you  gotta  get  new  hardware  any¬ 
way)  and  to  lower  costs  and  maintain  existing 
architectures,  give  this  pilot  a  try:  Then  let  me 
know  how  it  goes. 

Schwartau  is  a  security  writer,  lecturer  and  presi¬ 
dent  of  Interpact,  a  security  awareness  consulting 
firm.  He  can  be  reached  at  winn@thesecu 
rityawarenesscompany.  com. 
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Many  of  the  network  wares  sold  on  eBay  are  counterfeit,  particularly  if 
they’re  coming  from  China  and  are  deeply  discounted  such  as  this  listing. 
A  small  reseller  would  pay  about  $700  for  the  real  deal. 


Fake  goods 

Counterfeit 

continued  from  page  1 

What  he  didn’t  know  was  that  phony  network  equip¬ 
ment  had  been  quietly  creeping  into  sales  and  distrib¬ 
ution  channels  since  early  2004,  when  manufacturers 
began  seeing  more  returns,  faster  mean-time  between 
failures  and  higher  failure  rates, says  Nick  Tidd,  vice 
president  of  North  American  channels  for  3Com  and 
president  of  the  Alliance  for  Gray  Market  and  Counter¬ 
feit  Abatement  (AGMA). 

Counterfeit  gear  has  become  a  big  problem  that 
could  put  networks  —  and  health  and  safety  —  at  risk. 
“Nobody  wants  to  say  they’ve  got  counterfeit  gear 
inside  their  enterprises  that  can  all  of  a  sudden  stop 
working.  But  it’s  all  over  the  place,  just  like  pirated  soft¬ 
ware  is  everywhere,” says  Sharon  Mills,  director  of  IT 
procurement  organization  Caucus. 

There  are  no  statistics  specific  to  network  hardware 
counterfeit  rates.  But  according  to  a  white  paper  by 
AGMA  and  consulting  company  KPMG,  counterfeit 
products  account  for  nearly  10%  of  the  overall  IT 
products  market. 

“That’s  $100  billion  in  fake  memory  sticks,  drives,  mon¬ 
itors,  networking  gear  and  other  IT  products  floating 
around  out  there  in  black  and  gray  market  channels. 
This  has  huge  implications  for  the  enterprise,”  says  Tidd, 
who  became  involved  in  his  first  counterfeit  case  in 
2001. That  case  led  him  to  a  Canadian  reseller  who  also 
was  under  investigation  by  HPOut  of  that  case,  3Com 
and  HPalong  with  Cisco  and  Nortel,  founded  AGMA. 

Vendors  and  resellers  started  seeing  counterfeit  in  the 
gray  market  channel  where  used  and  refurbished  prod¬ 
ucts  are  sold, says  Phillip  Wright,  director  of  worldwide 
brand  protection  for  Cisco,  which  is  the  most  counter¬ 
feited  brand. That’s  when  the  supply  of  out-of-box  sec¬ 
ondhand  equipment  from  the  dot-com  fallout  dried  up. 

“Users  got  a  taste  for  new  used  equipment  at  bargain 
prices.  So  counterfeiters  moved  in  to  meet  the 
demand, ’’Wright  says.“It  didn’t  help  that  some  resellers 
turned  a  blind  eye  to  possible  counterfeit  so  they 
could  keep  their  own  revenue  streams  going.” 

The  vast  majority  is  still  being  purchased  from  gray 
market,  uncertified  resellers  who  unload  their  goods 
on  eBay  at  extremely  low  prices,  says  Scott 
Augenbaum, supervisory  special  agent  for  the  FBI 
Cybercrime  Fraud  unit  in  Washington,  D.C. 

These  parts  sometimes  move  sideways  into  the  hands 
of  legitimate  resellers  and  integrators. 

“Recently,  I  did  some  voice  over  IP  integration  for  a 
client  in  Huntsville,  and  the  engineer  there  asked  if  he 
could  pay  me  with  five  extra  VoIP  network  cards  he  had 
left  over  from  the  project,” says  Neal  Rauhauser,  founder 
of  Layer  3  Arts,  a  system  integrator  in  Omaha.“I  got  four 
cards  I  could  use,  and  one  that  was  counterfeit.” 

Fortunately  Rauhauser  never  installs  anything  before 
checking  it  first.  He’s  wise  to  counterfeits,  having  had  his 
first  run-in  with  such  products  in  2004,  when  two  of  six 
new  Cisco  1721  routers  started  acting  up  at  one  of  his 
client  sites,  a  large  auto  manufacturer  in  Michigan.They 
turned  out  to  be  counterfeit,  and  he  has  since  been  cam¬ 
paigning  against  counterfeit  products. 

There  were  visible  differences  between  the  counter¬ 
feit  and  the  real  gear,  he  says,  but  only  after  close  in¬ 
spection. 'Hie  counterfeit  VoIP  card  had  a  brand-new 
box  even  though  the  card  was  4  years  old.  He  also 
noticed  discrepancies  in  packaging  and  labeling. 

“The  printing  on  the  bar-code  label  was  fuzzy  like  it’d 


been  printed  off  a  low-quality  printer 
instead  of  a  laser.  And  its  internal 
packaging  was  a  plastic  bag  instead 
of  a  plastic  box  like  the  others,” 

Rauhauser  says. 

He  contacted  the  customer  who 
gave  him  the  product,  and  the  cus¬ 
tomer  admitted  he  bought  the  cards 
off  eBay  The  four  good  cards  came 
from  a  reputable  seller. The  bad  card 
came  fromTFS  Systems,  which  claims 
to  be  a  Cisco  registered  reseller  that 
buys  only  from  Cisco’s  top-tier  distrib¬ 
utors.  Rauhauser  took  pictures  of  the 
differences  in  products  and  called 
TFS  to  find  how  they  wound  up  sell¬ 
ing  counterfeit  product  to  his  client. 

“They  were  ready  to  pull  my  leg 
and  tell  me  I  was  wrong.  So  I  told 
them  I  was  going  to  the  FBI,”  Rau¬ 
hauser  says.“Then  they  asked  me  to  box  it  up  again, 
keep  it  pristine  and  they’ll  get  me  my  money  I’m  sure 
they  sold  it  again  on  eBay  right  after  they  got  it.” 

In  the  MortgagelT  case,  Bruner  figures  his  represen¬ 
tative  at  Atec  got  burned  when  she  went  outside  her 
normal  supplier  to  purchase  the  cards  in  late  2004. 

“We  were  notoriously  cheap  with  our  equipment  pur¬ 
chases,  so  she  might  have  bought  from  someone  besides 
Ingram,  her  usual  supplier,  to  get  us  a  better  bargain,”  says 
Bruner,  who  left  MortgagelT  in  July,  shortly  after  Deutsch 
Bank  signed  an  agreement  to  buy  the  company 

How  Atec  came  into  possession  of  the  counterfeit 
WAN  interface  cards  can  only  be  hypothesized  because 
repeated  calls  and  e-mail  to  Bruner’s  former  representa¬ 
tive  at  Atec,  and  to  the  company  vice  president,  were  not 
returned. The  company’s  operations  manager  says 
MortgagelT  was  a  big  client,  and  sales  representatives 
don’t  see  the  gear  that’s  being  shipped  to  their  clients. 

Gambling  on  quality 

No  matter  how  the  counterfeits  got  into  MortgatelT’s 
authorized  channel,  such  slippages  highlight  the  com¬ 
plexities  of  dealing  with  this  problem  —  not  just  in  the 
sales  and  distribution  channels,  but  also  in  the  manu- 

Purchase  protection 

Many  people  don’t  realize  they  have  counter¬ 
feit  network  equipment  until  it’s  installed  and 
begins  acting  quirky  or  fails  outright. 

•  Don’t  shop  on  eBay  for  deeply  discounted  gear, 
particularly  from  sellers  in  China. 

•  Don’t  go  outside  your  trusted  channel  to  buy  criti¬ 
cal  network  components. 

•  If  you're  in  the  market  for  refurbished  gear,  the 
safest  bet  is  to  purchase  certified  products  through 
the  manufacturer. 

•  Check  serial  numbers  against  the  vendor  database. 

•  Check  the  packaging  carefully,  inspecting  for  any¬ 
thing  out  of  the  ordinary  in  the  logo,  size  and  type  of 
packaging  materials  by  comparing  them  with  oth¬ 
ers  in  the  same  shipment. 

•  Closely  examine  the  gear  and  compare  holograms 
and  chip  sets. 


facturing  supply  chain,  says  Pete  van  de  Gohm,  director 
of  IT  security  and  quality  at  Bayer. 

AGMAsTidd  acknowledges  this,  adding, “In  some  geo¬ 
graphies,  you’ve  got  resellers  and  distributors  blending 
their  inventories,  which  is  why  a  single  shipment  might 
contain  five  good  and  five  counterfeit  parts.” 

It’s  difficult  to  control  past  the  distributor  layer, Tidd 
says,  especially  when  Cisco  has  28,000  registered  re¬ 
sellers,  3Com  has  3,000  and  so  on. 

That  means  organizations  face  loss  of  equipment  that 
vendors  may  or  may  not  support  (Cisco  handles  on  a 
case-by-case  basis). They  also  could  experience  critical 
network  outages  that,  in  the  right  circumstances,  could 
affect  human  health  and  safety 

“What  if  it  wasn’t  a  bank  subnet  that  went  offline 
because  of  a  faulty  card  in  the  router?  What  if  it  were 
an  air-traffic  control  network  instead?”  van  de  Gohm 
asks.“This  is  no  different  than  counterfeit  medicine  in 
the  pharmaceutical  industry  And  it’s  potentially  just  as 
life-threatening.” 

Such  concerns  also  grip  the  network  vendors  whose 
reputations  and  brands  are  at  stake  if  they  can’t  stop 
the  dumping  of  counterfeit  parts  into  the  channel.“We 
worry  about  things  like  wiring  in  the  motherboard 
overheating  and  the  potential  for  network  outages  that 
would  impact  personal  health  and  safety’ Wright  says. 

Manufacturers  are  working  on  ways  to  make  their 
products  harder  to  clone  through  use  of  packaging 
labels,  logos  and  three-dimensional  holograms.Vendors 
such  as  3Com  are  working  on  RFID  tagging  systems,  and 
cryptographic  machine  authentication  is  a  viable  option 
to  help  devices  call  home. 

For  the  past  few  years,  Cisco  and  3Com  have  been 
building  anticounterfeit  culture  into  every  level  of  their 
product-to-market  channels,  educating  suppliers  and 
distributors  about  what  they  need  to  do  to  protect  their 
own  channels,  while  building  international  investiga¬ 
tive  teams  to  help  law  enforcement  agencies  shut 
counterfeiters  down. 

Cisco’s  30  investigators  stationed  worldwide  are  dedi¬ 
cated  to  200  active  counterfeit  cases  at  any  given  time. 
From  the  Mandarin  characters  on  the  back  of  his  busi¬ 
ness  card,  it’s  clear  that  Wright  spends  a  lot  of  time  in 
China.  And  a  whiteboard  behind  Wright’s  desk  has  a 
hand-drawn  diagram  titled  “Stopping  the  counterfeit 
floty’ which  contains  multiple  loops  back  to  Chinese 
distribution  and  law  enforcement  intervention  points. 

According  to  Wright  and  Tidd,  China  is  the  source  for 
most  counterfeit  gear. Tidd  toured  multiple  floors  of 
counterfeit  consumer  electronics  and  network  gear 
last  year  at  a  public  shopping  mall  in  Shenzhen,  China. 
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Can  you  spot  the  fake? 

UNFORTUNATELY  FOR  IT  BUYERS,  clones  and  packaging  of 
counterfeit  gear  are  getting  more  realistic.  Vendors  would  rather 
not  share  this  information,  because  they  believe  it  tips  their  hands 
to  the  bad  guys.  But  resellers  and  buyers  who  are  trying  to  stop 
the  flow  of  fakes  suggest  looking  for  these  subtle  differences  in 
packaging  and  equipment  that  could  raise  suspicions: 


The  writing  on  the  WIC 


The  RJ-48  on  the  real 
WIC  has  "stewart”  writ¬ 
ten  on  the  inside. The 
external  metal  surface 
has  a  frosted  texture. 


The  RJ-48  on  this  fake  WIC  has 
"GLG”  written  on  the  inside  and 
small  dots  on  the  external  sur-_ 
face  simulate  the  texture  of  the 
authentic  card. 


Home  in  on  the  hologram 


Packaging  particulars 


These  products  used  to  come  in  bags. 
While  this  isn't  a  firm  indication  of 
counterfeit  status,  it’s  something  to 
watch  for. 


New  WAN  interface  card/voice  interface 
cards  are  packaged  in  plastic  clamshells. 


Thinking  out  of  the  box 


The  top  box  is  made  of  thick;  dark  cardboard.  Its  label  has  thick,  dark 
lines,  and  it  has  the  tell-tale  hologram. The  bottom  box  looks  and 
feels  inexpensive,  and  the  serial  number  datecode  predates  the 
release  of  the  VIC2-4FXO. 


Now  you  give  it  a  shot 
Which  is  the  real  deal? 
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“3Com  has  done  raids  in 
China,  cooperating  with  local 
law  enforcement  who’ve  shut 
down  factories  and  seized 
counterfeit  goods.  Once  they’ve 
done  the  seizure,  we  go  in  and 
try  to  figure  out  how  many 
boxed  products  went  out 
before  they  were  shut  down,” 
Tidd  says.“Unfortunatelyas  fast 


as  you  shut  the  factories  down, 
other  factories  go  back  up.” 

According  to  the  AGMA  study 
the  United  States  is  the  second 
major  point  of  origin  for  coun¬ 
terfeit  goods  —  California,  in 
particular, say  Rauhauser  and 
Dana  Andrews,  owner  of  Digitial 
Surplus  in  Boston. They  point  to 
the  port  of  Los  Angeles  as  a  big 


dumping  ground  for  Chinese 
counterfeit  parts  and  to  Silicon 
Valley  as  a  place  of  production. 

Since  1994,  Andrews  has 
made  a  pastime  of  helping  fed¬ 
eral  agents  catch  criminals  he 
says  are  polluting  the  reseller 
channel  and  costing  him  his 
business.  In  February,  he  helped 
the  FBI  catch  a  fraudulent 


buyer  who  had  set  up  a  phony 
escrow  company  and  tried  to 
scam  Andrews  out  of  half  a  mil¬ 
lion  dollars  worth  of  Cisco  gear. 

While  several  law  enforce¬ 
ment  agencies  contacted  for 
this  story  won’t  talk  about  spe¬ 
cific  cases,  a  June  raid  on  Sun 
Valley  Technical  Repair  in 
Morgan  Hill,  Calif.,  could  turn 
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out  to  be  a  big  case  of  counter¬ 
feit  in  Silicon  Valley 

Reports  in  the  Sort  Francisco 
Chronicle  made  it  appear  at  first 
like  an  immigration  raid,  as  12 
illegal  immigrants  (1 1  from 
Mexico  and  one  from  Colom¬ 
bia)  were  taken  away  But  that 
wouldn’t  explain  the  presence 
of  so  many  agencies,  including 
the  FBI,  the  U.S.  Immigration 
and  Customs  Enforcement,  the 
U.S.  Postal  Service  and  the 
Rapid  Enforcement  Allied 
Computer  Team,  which  investi¬ 
gates  large-scale,  high-tech  pira¬ 
cy  and  counterfeit  cases. 

Law  enforcement  efforts  are 
helping  to  shut  these  factories 
down,  say  Tidd  and  Wright,  who 
is  active  with  Business  Action 
to  Stop  Counterfeit  and  Piracy, 
which  is  sponsored  by  the 
International  Chamber  of 
Commerce. 

H.R.32,the  Stop  Counterfeiting 
in  Manufactured  Goods  Act, 
signed  by  President  Bush  in 
March, should  also  make  a 
strong  deterrent,  experts  say  The 
act  sets  prison  terms  of  as  many 
as  20  years  and  fines  of  as  much 
as  $15  million  for  counterfeiting 
in  what  the  International 
Anticounterfeiting  Coalition 
praises  as  a  direct  response  to 
“dangerous  international  coun¬ 
terfeiting  problem  that  is  threat¬ 
ening  the  U.S.  economy  costing 
U.S.  jobs  and  harming  citizens.” 

Industry  leaders  need  to  do 
more  to  keep  counterfeit  out  of 
the  distribution  channel,  res¬ 
ellers  and  users  say  before  it 
affects  public  safety. 

“The  networking  industry 
should  reach  out  to  other 
industries  that  have  problems 
with  counterfeit  parts,”  van  de 
Gohm  adds.“The  industry 
should  apply  the  best  practices 
already  learned  in  the  auto, 
pharmaceutical,  airplane  and 
other  industries  where  coun¬ 
terfeit  parts  could  result  in  loss 
of  life.” 

Radcliff  is  a  freelance  writer. 
She  can  be  reached  at  deb@rad 
cliff.com. 
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WIDEBAND  ETHERNET  SWITDN  : 


WB28GMPR0 


WideBand  www.wband.com 


NetResults  3.20 


$3,300. 


Pros:  High  throughput;  low  latency;  low  cost. 


switch:  Affordable  and  fast 


Cons:  No  CLI  or  Web  management;  performance 
issues  with  link  aggregation. 

The  Breakdown 


BY  DAVID  NEWMAN,  NETWORK  WORLD  LAB  ALLIANCE 

Network  managers  driven  by  frugality,  patriotism  or  both,  might  want  to  con¬ 
sider  the  WideBand  WB28GMPRO,  a  low-cost  managed  Gigabit  Ethernet 
switch  made  in  the  American  heartland. 


In  a  market  awash  in  Layer-2  managed  Ethernet  switches, 
this  device’s  key  differentiator  is  its  list  price  of  $3,328.That’s 
far  less  than  prices  for  managed  access  switches  from 
major  vendors  such  as  Cisco,  Extreme  and  Foundry  Net¬ 
works, but  higher  than  managed  switches  from  Dell  and  HP 
However,  with  28  ports  instead  of  the  usual  24,  WideBand’s 
device  offers  higher  port  density 
WideBand  says  it  gains  a  price  advantage  by  manufac¬ 
turing  in  Missouri,  where  labor  costs  are  relatively  low. 
Nearly  all  other  network  equipment  is  made  in  Asia,  often 
through  outsourcing  to  component  assembly  firms. 

The  WB28GMPRO  performed  well  in  some  areas  of  our 
tests,  while  lacking  polish  in  others.  This  is  a  fast  switch, 
delivering  line-rate  throughput  for  all  frame  sizes  in  tests 
lasting  60  seconds,  and  near-line-rate  throughput  for  tests 
lasting  300  seconds.  Latency  was  in  line  with  other  low-cost 
gigabit  switches  we’ve  tested. 


On  the  downside,  the  switch’s  user  interface  is  quite  lim¬ 
ited  in  terms  of  features  supported,  and  we  were  unable  to 
complete  a  test  of  link  aggregation  because  of  perform¬ 
ance  issues. 

Switch  setup  is  fast  but  not  entirely  straightforward.  Most 
switches  offer  a  command-line  or  Web  interface,  and  usu¬ 
ally  both.  In  contrast, WideBand’s  Windows-based  manage¬ 
ment  software  has  a  proprietary  interface,  accessible  via 
serial  or  Ethernet  ports. 

That’s  where  we  hit  our  first  snag:  Software  supplied  with 
the  switch  would  only  communicate  over  a  serial  link 
attached  to  COM1  of  a  PC  running  Windows.  That  was  a 
problem  for  us,  because  the  machine  we  used  for  configu¬ 
ration  allocated  COM  1  to  an  infrared  port.  Within  a  day, 
WideBand  released  an  updated  version  of  the  manage¬ 
ment  software  that  let  us  select  serial  ports. 

Even  so,  we’d  be  happier  with  a  simple  command-line 


Figure  1:  WideBand  throughput 

The  28-port  WideBand  WB28GMPRO  turned  in  line-rate  throughput  results  when  we  ran  tests  for  60 
seconds.  Throughput  fell  to  99%  of  line  rate  in  tests  lasting  300  seconds. 


Aggregate  throughput  (Mbps) 
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interface  (CLI)  to  the  switch.  A  CLI  also  has  the  advantage 
of  not  requiring  a  given  operating  system  or  serial  port. We’d 
be  even  happier  if  the  switch  management  software  sup¬ 
ported  Secure  Shell  for  remote  access. 

The  management  interface  is  serviceable  but  limited 
compared  with  competing  offerings.The  interface  displays 
information  about  port  counters,  virtual  LAN  (VLAN)  as¬ 
signment,  SNMP  and  link  aggregation.  One  notable  feature 
is  the  switch’s  support  for  4,094  VLAN  IDs;  many  access 
switches  support  only  a  few  hundred  VLANs. 

A  port  can  be  assigned  to  as  many  as  four  VLANs  based 
on  frame  type,  and  that  port  will  accept  untagged  traffic 
from  each  VLAN.The  switch  also  will  accept  tagged  frames, 
but  managing  trunk  ports  requires  WideBand’s  nMU  net¬ 
work  management  software, which  we  didn’t  test.We  found 
a  few  other  functions  available  only  through  nMU,  such  as 
jumbo  frame  configuration  (though  jumbo  handling  is 
enabled  by  default)  and  controlling  address  aging  timers. 

Performance  measurements 

In  performance  tests,  we  measured  the  WideBand 
switch  in  four  areas:  throughput,  latency  address  learning 
capacity  and  link  aggregation  (see  “How  we  did  it,”  page 
39). We  determined  throughput  and  latency  by  attaching 
a  Spirent  TestCenter  traffic  generator/analyzer  to  all  28 
ports  of  the  switch  and  running  TestCenter’s  RFC  2889 
suite  of  switch  tests. 

It’s  common  practice  to  run  this  type  of  test  for  60  sec¬ 
onds,  and  here  the  WideBand  switch  was  perfect.  For  every 
frame  length,  from  the  Ethernet  minimum  of  64  bytes  all 
the  way  to  9,216-byte  jumbo  frames,  the  switch  forwarded 
traffic  at  line  rate  without  dropping  a  frame  (see  WideBand 
throughput  chart,  this  page). 

When  we  increased  the  test  duration  to  300  seconds  —  a 
practice  increasingly  used  by  service  providers  to  model 
long-lived  flows  such  as  video  feeds  —  the  switch  for¬ 
warded  traffic  without  loss  at  a  rate  equivalent  to  99%  of 
line  rate  for  all  frame  sizes. 

The  distinction  between  99%  and  100%  of  line  rate  is  aca¬ 
demic  for  most  enterprise  networks,  where  utilization  is 
usually  far  lower.  However,  for  applications  that  require  zero 
frame  loss,  this  isn’t  the  right  switch  (or  the  right  price 
range,  for  that  matter). 

We  also  measured  switch  latency,  which  was  much 

See  WideBand,  page  39 
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WideBand 

continued  from  page  37 

higher  in  our  60-second  tests  than  in  our 
300-second  tests  (see  WideBand  latency 
chart,  www.nwdocfinder.com/5749).  That’s 
because  throughput  was  lower  in  the  300- 
second  tests,  and  standard  testing  practice 
is  to  measure  latency  at  the  throughput 
level.  We  should  note  that  latency  with  this 
switch  is  comparable  with  that  for  other 
low-cost  gigabit  switches  we’ve  tested. 

Latency  at  line  rate  may  be  much  higher 
than  at  the  99%  level,  but  that  isn't  neces¬ 
sarily  a  cause  for  concern.  Delay  intro¬ 
duced  by  the  WideBand  switch  in  any  of 
our  tests  is  unlikely  to  hamper  application 
performance. 

Congestion  concerns 

The  one  place  where  switch  latency  could 
be  a  concern  is  in  congestion  handling.  At 
line  rate, the  lowest  latency  we  recorded  was 
72  microsec  with  64-byte  frames.  At  gigabit 
line  rate, that  means  there  are  more  than  100 
frames  outstanding  between  transmitter 
and  receiver  at  any  one  time.The  loss  of  any 
one  of  those  frames  (perhaps  because  of 
congestion  somewhere  else  in  the  network) 
could  cause  slowdowns  for  connection- 
oriented  protocols  such  as  TCP 


We  benchmarked  switch  perform¬ 
ance  in  four  areas:  throughput, 
latency  address  learning  and  link 
aggregation.  For  all  tests,  we  used  the 
Spirent TestCenter  traffic-generation  and 
-analysis  tool  and  TestCenter's  RFC  2889 
software  suite  for  switch  testing. 

In  the  throughput  and  latency  tests,  we 
offered  traffic  to  all  28  ports  in  a  bidi¬ 
rectional,  fully  meshed  pattern, meaning 
we  offered  test  traffic  to  all  ports  des¬ 
tined  to  all  other  ports.  We  measured 
throughput  and  latency  for  60  and  300 
seconds  using  a  range  of  frame  lengths 
from  a  minimum  of  64  bytes  to  a  maxi¬ 
mum  of  9,216  bytes. 

In  the  address  learning  tests,  we 
offered  traffic  to  three  pairs  of  ports  at 
1,000  frames  per  second,  and  used  a 
seventh  port  to  check  for  flooding. 

In  the  link  aggregation  test,  we  created 
an  eight-port  link  aggregation  group  on 
each  of  two  switches,  and  attached 
another  16  ports  on  each  switch  to  the 
Spirent  TestCenter  instrument.  Our 
intent  was  to  offer  test  traffic  in  a  bidi¬ 
rectional,  partially  meshed  pattern, 
meaning  all  traffic  offered  to  each  port 
was  destined  for  all  edge  ports  on  the 
other  switch.  However,  a  flow  control 
issue  with  the  WideBand  switch's 
firmware  prevented  us  from  completing 
this  test. 


In  a  test  of  learning  media  access  control 
addresses  —  the  maximum  number  of  hosts 
a  switch  can  see  without  flooding  traffic  — 
the  switch  learned  4,857  addresses.  That’s 
plenty  for  an  access  switch  like  this. 

Link  aggregation  has  long  proven  a  sore 
point  in  switch  testing,  and  unfortunately 
the  WideBand  device  is  no  exception.  We 
were  unable  to  test  the  IEEE  802.3ae  stan¬ 
dard  for  aggregating  multiple  ports  to 
appear  as  one  virtual  pipe. 

During  throughput  tests,  the  switches 
kept  dropping  members  of  the  link-aggre¬ 
gation  group,  and  all  tests  failed  from  that 
point  forward  until  we  power-cycled  the 
switches.  WideBand  reproduced  the  issue 
and  corrected  a  flow-control  issue  in  its 
firmware,  but  we  were  not  able  to  verify  the 
fix  by  press  time. 

We’ve  noted  performance  problems 
with  link  aggregation  before  (see  www 
.nwdocfinder.com/5722),  often  because 
of  poor  hashing  algorithms  in  switches. 
That’s  one  issue  the  WideBand  switch 
doesn’t  have:  Commendably,  it  offers  users 
numerous  hashing  methods.  While  we 
weren’t  able  to  complete  link  aggregation 
testing  because  of  the  flow-control  issue, 
we  still  appreciated  the  choice  of  hashing 
methods  in  the  switch. 

Deciding  between  a  WideBand  switch  and 
the  better-known  competition  is  like  the 
choice  car  buyers  face  when  looking  at  U.S. 
and  Japanese  models.  The  imports  offer 
plenty  of  creature  comforts,  usually  at  a 
price  premium.Think  Ford  or  Chevy  when  it 
comes  to  the  WideBand  switch:  It’s  a  decent 
performer  with  limited  features,  and  it’s  less 
expensive  than  the  imports. 

Newman  is  president  of  Network  Test,  an 
independent  engineering  services  firm  in 
Westlake  Village,  Calif.  He  can  be  reached  at 
dnewman  @networktest.  com. 
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Perey,  Perey  Research  &  Consulting;  Barry 
Nance,  independent  consultant;Thomas  Powell, 
PINT.  Joel  Snyder  Opus  One;  Rodney  Thayer 
Canola  &  Jones;  Sam  Stover  independent 
consultant 
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your  advanced  network. 
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LONDON  STOCK  EXCHANGE  CHOOSES 
WINDOWS  OVER  LINUX  FOR  RELIABILITY 


Microsoft 


Reliability  Is  Key  in  the 
World’s  Capital  Market 

By  MICHAEL  BETTENDORF 


LONDON,  Oct.  2006 — When  an  IT  system 
must  process  15  million  real-time  messages  per  day, 
with  peaks  at  2,000  messages  per  second,  even  one 
second  of  downtime  counts.  That’s  the  pressure  the 
London  Stock  Exchange  faced  when  building 
Infolect,  the  Exchange’s  real-time  stock-ticker 
information  delivery  system. 

The  solution  had  to  have  rock-solid  reliability, 
nothing  less.  “Reliability  is  one  of  the  key  attributes 
of  the  Exchange  in  its  technology  systems.  These 
systems  have  to  work  everyday,  24/7,  to  make  sure 
the  markets  are  there,”  said  CIO  David  Lester,  who 
evaluated  both  Linux  and  Microsoft®  Windows 
Server®  2003  for  the  Exchange’s  core  technology 
systems.  “We  looked  at  a  number  of  different  plat¬ 
forms  for  our  Technology  Roadmap,  and  we  lined 
up  our  business  requirements  with  the  capabilities 
of  those  platforms,  and  Windows  Server  was  the 
clear  choice.” 

In  Lester’s  view,  long-term  reliability  is  a  func¬ 
tion  of  a  solid  relationship:  “We  wanted  a  deep  part¬ 
nership  with  an  organization  that  could  deliver  the 
kind  of  mission-critical  technology  that  we  need¬ 
ed,  and  we  felt  Microsoft  delivered  just  that.” 

For  the  full  London  Stock  Exchange  case  study, 
plus  other  case  studies  and  independent  research 
findings  on  the  reliability  of  Windows  Server  versus 
Linux,  visit  microsoft.com/getthefacts 
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BREAKING  NEWS:  London  Stock 
Exchange  Achieves  Record  Reliability 

London  Stock  Exchange  CIO  David  Lester 
(above)  cites  Windows  Server  as  key  to  main¬ 
taining  system  reliability  and  performance. 
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LESTER  SPEAKS  OUT: 

“We  looked  at  a  number  of  different  platforms 
for  our  Technology  Roadmap,  and  we  lined  up 
our  business  requirements  with  the  capabilities  of 
those  platforms,  and  Windows  Server  was  the 
clear  choice.  ” 

-David  Lester,  CIO,  London  Stock  Exchange 

JOURNALISM  BEAT:  Continued  growth 
for  reliability-focused  newspapers  A  world¬ 
wide  survey  tracking  trends  in  newspaper  use 
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Piecing  together  the  next- 
generation  IT  architecture 


This  final  installment  in  a  six-part 
series  spotlights  the  latest  in  wire¬ 
less  and  mobility.  Coverage  begins 
at  the  right  with  a  look  at  the 
challenges  of  wireless  integration. 


A  MAP  OF  YOUR 
WORLD  From  your  own 
personal  realm  to  the  big  wide  WAN,  the  wireless 
world  is  exploding  with  new  and  advancing  technolo¬ 
gies. 

SYOU  WANT  WI-FI 

iTHAT?  McDonald’s  wireless  net¬ 
work  sizzles  with  thousands  of  consumer  hot 
spots  and  juicy  apps  for  franchisees. 

SIX  HOT  APPS  AND 

These  wireless  products 
combine  wow  with  workability. 

KK^fun  with  mesh 

Enterprises  take  wireless  mesh  for  a  whirl  — 
and  they  like  the  ride. 

CSCrSoMOC  INSIGHT:  WIRE¬ 
LESS  LANs  NOT  FOR  ALL.  On 

closer  inspection,  the  idea  behind  the  carpeted 
enterprise  becomes  a  bit  shoddy. 


More  online: 
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Need  to  research  advanced  tech¬ 
nologies?  Visit  the  New  Data 
Center  Research  Center  for  prod¬ 
uct  information  and  case  studies 

at  www.nwdocfinder.com/SSS5 


Looking  ahead: 
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The  New  Data  Center  series 
continues  in  2007: 

Feb.  19:  The  best  of  the  NDC 

March  SO:  Security 

May  SI :  Storage 

June  18:  Network  optimization 

Aug.  SO:  Virtualization 

Oct.SS:  Service-oriented 

architectures 


Unified  management  of  wired  and  wireless  net¬ 
works  is  the  ideal  —  and  a  long  way  off. 


BY  ANN  BEDNARZ 

Faculty  at  the  University  of  Moncton  have  a  new  way  of  keeping  in  touch 
with  colleagues  and  students  when  they’re  roaming  around  campus:  Wi¬ 
Fi  phones  that  use  the  school’s  wireless  network. The  university  which  is 
in  Canada’s  New  Brunswick  province,  had  planned  an  IP  telephony  roll¬ 
out  after  upgrading  its  wired  network  last  summer.  Adding  a  campuswide 
wireless  LAN  and  using  it  to  carry  voice  traffic  was  not  part  of  the  plan  —  it  just  seemed  to 
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fall  in  place, says  Jocelyn  Nadeau,  IT  director  at  the  Edmundston  campus. 


“With  the  infrastructure  we  had,  deploying  wireless 
at  the  same  time  we  deployed  voice  over  IP  just 
made  sense,”  Nadeau  says.  For  example,  the  upgrade 


included  Power  over  Ethernet,  so  getting  electricity 
to  the  wireless  access  points  was  simple.  “We  took  a 
big  project  and  made  it  bigger.  But  it  all  worked  weil.” 
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Voice  over  Wi-Fi  is  among  a  handful  of  emerging 
applications  that  industry  watchers  say  is  helping  to 
propel  wireless  from  a  conference-room  convenience 
to  a  more  pervasive,  mission-critical  technology  for 
today’s  business  environments  (see  “Wireless  LANs 
not  for  all,”  page  68).  As  that  happens,  enterprises  are 
becoming  more  aware  of  the  challenges  of  managing 
wireless  components. 

“Wireless  still  really  has  a  long  way  to  go  in  terms  of 
manageability  and  predictable  behavior,”  says  Paul 
DeBeasi,  a  senior  analyst  at  the  Burton  Group.  “There 
are  rules  for  how  you  design  and  deploy  a  regular 
wired  network,  and  if  you  follow  the  cookie-cutter 
rules,  you’ll  have  a  stable,  reliable,  high-performance 
network.  It’s  not  like  that  with  wireless.” 

The  complexity  of  WLAN  management 

A  wireless  network’s  susceptibility  to  environmental 
conditions  contributes  to  the  complexity  of  managing  it. 
To  deal  with  the  physical  elements,  enterprises  often 
deploy  dedicated  tools,  such  as  modeling  and  simula¬ 
tion  software  or  radio  frequency  (RF)  monitoring  wares. 

In  addition,  wireless  network  managers  need  opera¬ 
tional  software,  which  typically  comes  from  their 
WLAN  infrastructure  vendor,  to  tackle  such  tasks  as 
managing  encryption  keys,  provisioning  user  access 
and  keeping  firmware  up  to  date.  On  top  of  that  an 
enterprise  might  run  an  overlay  service,  such  as  wire¬ 
less  intrusion  prevention. 

This  all  can  add  up  to  a  sea  of  consoles  —  and  that’s 
just  for  the  wireless  side.  Still  elusive  is  the  ability  to 
manage  wired  and  wireless  networks  from  the  same 
console,  using  the  same  techniques. 

Configuration  of  wireless  infrastructure  and  devices 
ultimately  should  be  wrapped  into  larger  network  and 
systems  management  frameworks,  says  Rachna 
Ahlawat,  a  research  director  at  Gartner.  Vendors  such 
as  CA,  HP  and  IBM  have  made  progress  letting  their 
respective  management  platforms  import  data  from 
WLAN  management  software,  but  that  work  has  been 
more  for  the  purposes  of  reporting  than  for  taking 
management  action.  “They’ve  just  started  scratching 
the  surface,”  Ahlawat  says. 

Still,  the  tools  available  to  help  network  executives 
manage  WLANs  are  better  than  they  used  to  be.  In  par¬ 
ticular,  vendors  have  shifted  from  autonomous  access 
points  to  controller-based  architectures  that  allow  cen¬ 
tralized  management  and  configuration. 

John  Turner  remembers  when  his  team  had  to  service 
access  points  individually.  “If  we  wanted  to  change  [a 
service  set  identifier]  or  update  the  code  or  add  some¬ 
thing,  we  had  to  go  out  and  touch  each  of  the  access 
points  individually,”  says  Turner,  director  for  networks 
and  systems  at  Brandeis  University  in  Waltham,  Mass. 

“1  only  have  two  people  who  do  network  manage¬ 
ment,  for  the  wired  and  the  wireless.  When  we  had  a 
dozen  access  points  it  wasn’t  so  bad,  when  it  was  two 
dozen  it  was  OK,  but  when  it  hit  36  it  was  ridiculous.” 

When  Brandeis  decided  18  months  ago  to  blanket  its 
100-building  campus  with  wireless  access  —  a  project 
requiring  the  deployment  of  more  than  800  access 
points  —  Turner  knew  manageability  had  to  be  a  top 
priority.  The  university  chose  Aruba  Networks’  gear. 


Aruba  espouses  the  idea  of  thin  access  points, 
managed  by  centralized  controllers.  The  architec¬ 
ture  lets  Turner’s  team  manage  the  wireless  network 
from  one  location. 

“We’ve  done  software  upgrades  on  the  Aruba  sys¬ 
tem,  we’ve  made  SSID  changes,  we’ve  done  a  lot  of 
different  things  here  and  there.  It’s  a  no-brainer.  The 
access  points  are  just  the  delivery  mechanism. 
There  isn’t  anything  we  have  to  do  to  them  other 


than  make  sure  they’re  plugged  in,”  Turner  says. 

WLAN  infrastructure  vendors,  such  as  Aruba,  Cisco 
and  Trapeze  Networks,  have  done  a  good  job  of  bol¬ 
stering  the  management  features  in  their  product  sets 
—  but  each  vendor’s  software  is  designed  to  manage 
only  its  own  infrastructure  products,  Ahlawat  says.  For 
heterogeneous  environments,  such  vendors  as  Air- 
Wave  Wireless  and  Wavelink  offer  specialized  wireless- 

See  Unified  management,  page  50 


-network 


and  system; 


TRACY  POWELL 


.  , V  >/,£.  *lerf’  n3 

"6°1U  T  "  *+*fk  perHr^ e/*  a?‘ri. 

«*  **«+  f ^  * +>*  ^ 

7^  a/und  ^ 

ttp  ,f  " 


=sbjk . 


»  IP  security  requirements  grinding  your  branch  office  productivity  to  a  halt?  Juniper  makes  any  network 
better,  including  branch  office  networks.  Our  Secure  Services  Gateway  features  multi-layered  network- 
and  application-level  protection,  plus  enough  horsepower  to  ensure  your  security  solution  is  never  a 
LAN  or  WAN  bottleneck. 

Juniper’s  SSG  platform  is  an  innovative  powerhouse,  delivering  WAN  connectivity,  plus  the  muscle  to  protect 
your  high-speed  LAN  (competitive  products  slow  performance  dramatically  when  adding  security  features).  Find 
your  free  “Multimedia  Guide  to  Branch  Security,"  plus  demos,  white  papers  and  more  at  www.juniper.net/branch 
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YOU  ALWAYS  HAD 
THE  BRAINS.  IT  WAS 

THE  TECHNOLOGY 
THAT  WAS  A  LITTLE 
SCATTERED. 


Dual-Core  is  a  new  technology  designed  to  improve  performance  of  multithreaded  software  products  and  hardware-aware  multitasking  operating  systems  and  may  require  appropriate  operating  system  software  for  full  benefit;  check  with  software  provider  to 
determine  suitability;  not  all  customers  or  software  applications  will  necessarily  benefit  from  use  of  this  technology.  Requires  a  separately  purchased  64-bit  operating  system  and  64-bit  software  products  to  take  advantage  of  the  64-bit  processing  capabilities  of 


Introducing  the  new  HP  BlodeSystem  c-Class 
with  Insight  Control  Management. 

The  new,  intuitive  HP  BladeSystem  c-Class 
thinks  just  like  you  do  — letting  you  monitor 
your  infrastructure  while  helping  to 
analyze  your  future  needs.  First,  HP's 
OnBoard  Administrator  gives  you  out-of- 
the-box  setup  and  configuration  combined 
with  power,  cooling  and  enclosure  management.  After  that,  the  Insight 
Control  software  steps  in  to  let  you  control  the  rest  of  your  environment, 
locally  or  remotely.  And  thanks  to  the  integrated  Insight  Display  — our 
unique  LCD  screen— you  can  interact  right  at  the  source  to  manage, 
deploy  or  troubleshoot. 

Simply  plug  in  the  HP  ProLiant  BL460c  server  blade,  featuring 
Dual-Core  Intel®  Xeon®  Processors,  and  you'll  get  faster  performance 
and  the  versatility  to  support  32-  and  64-bit  computing  environments. 

Use  the  HP  BladeSystem  c-Class  for  your  business  and  you'll  experience 
greater  control  over  your  time  and  resources. 


To  experience  the  HP  BladeSystem  and  download 
IDC  White  Papers,  go  to  YouAlwaysHadlt.com/brainsl 

Call  1-866-625-4087  or  visit  your  local  reseller 


the  Dual-Core  Intel  Xeon  Processor.  Given  the  wide  range  of  software  applications  available,  performance  of  a  system  including  a  64-bit  operating  system  will  vary.  Intel's  numbering  is  not  a  measurement  of  higher  performance.  Intel,  the  Intel  Lego  Xeon  and  Xeon 
Inside  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  The  information  contained  herein  is  subject  to  change  without  notice.  ©2006  Hewlett-Packard  Development  Company,  L.P 
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WLAN  management: 

The  standards  lineup 

A  trio  of  IEEE  standards,  in  various  states  of  completion,  are  designed  to  help 
improve  enterprise  management  of  wireless  networks  and  devices. 

•  802. lie,  an  approved  standard  that  defines  a  set  of  QoS  enhancements  for  LAN  applications. 

•  802.11k,  a  proposed  standard  for  radio  resource  measurement  that  will  provide  client  feedback  to 
wireless  LAN  access  points  and  switches. 

•  802.11v,  a  proposed  standard  that  defines  the  procedures  by  which  a  wireless  infrastructure  controls 
parameters  on  wireless  client  adapters,  such  as  identifying  to  which  network  or  access  point  the 
adapter  should  connect. 

The  802. lie  standard,  which  is  supported  by  products  today,  is  particularly  important  for  enterprises 
that  want  to  run  voice  over  Wi-Fi,  says  Paul  DeBeasi,  a  senior  analyst  at  the  Burton  Group. 

Next  up  on  the  management  standards  front  is  802.11k,  which  lets  the  network  monitor  what's  happen¬ 
ing  on  a  laptop  from  a  radio-frequency  point  of  view,  such  as  measuring  signal  quality.  It  will  be  a 
couple  of  years  before  802. 1 1  v,  which  will  let  the  network  control  user  devices,  is  ironed  out. 

“When  you  have  those  two  things  —  the  k  and  the  v  —  the  wireless  network  can  really  then  control 
what's  happening  on  the  laptop.  It  can  tell  the  laptop,  'Don't  connect  here,  connect  over  here.  Don't 
use  this  channel,  use  that  channel.  Don't  move  now,  but  in  two  minutes  move,"’  DeBeasi  says. 

Cellular  networks  work  that  way  —  a  phone  doesn't  make  decisions  about  what  tower  to  connect  to, 
the  communications  network  does  so  that  it  can  ensure  a  reliable,  seamless  handoff. 

"That’s  how  802.11  is  evolving  with  these  new  standards. The  Wi-Fi  network  will  become  more  like  a 
cellular  network,  and  when  it  does  that,  you'll  be  able  to  have  much  greater  reliability,  much  more 
robust,  predictable  performance,"  DeBeasi  says.  “You'll  be  able  to  run  mission-critical  applications, 
such  as  voice,  over  the  network  and  have  very  strong  management  capability  built  in,”  he  says. 

—  A.  Bednarz 
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network  management  software  that  lets  enterprises 
manage  several  different  makes  of  infrastructure  prod¬ 
ucts.  “But  there  still  isn’t  any  vendor  that  can  give  me 
a  solution  for  common  wired  and  wireless.  The  ven¬ 
dors  haven’t  made  this  a  priority,”  she  says. 

WLAN  management  as  art 

If  there’s  one  reason  management  hasn’t  gotten  a 
ton  of  attention  from  vendors  and  IT  staff,  it  would  be 
security.  That  issue  traditionally  has  dominated  wire¬ 
less  considerations,  but  as  enterprises,  vendors  and 
service  providers  have  become  adept  at  addressing 
wireless  security,  priorities  are  beginning  to  shift.  “As 
companies  start  to  think  about  using  wireless  LANs  in 
less  casual  deployments,  for  things  like  voice  and 
location  detection  of  tagged  items,  they’re  more  con¬ 
cerned  about  reliability.  It’s  an  interesting  shift  in  the 
last  year,”  says  Ellen  Daley,  a  vice  president  at 
Forrester  Research. 

The  vendors  and  service  providers  have  addressed 
the  science  of  security  well,  Ahlawat  says.  The  pieces 
are  available,  enterprises  just  need  to  put  it  all  to¬ 
gether,  she  says.  That’s  not  the  case  with  management, 
however.  “Management  is  more  of  an  art.  You  don’t 
even  know  what  the  different  pieces  are,  and  how  you 
put  together  your  network  management  is  going  to  be 
very  company-specific,”  she  says. 

For  WLAN  management,  the  University  of  Moncton  is 
turning  to  HP,  which  designed  and  implemented  the 
school’s  Cisco-based  wireless  network.  With  the  wire¬ 
less  infrastructure  in  place,  Nadeau  says  now  he’s  on 
the  lookout  for  management  efficiencies.  “We’re  trying 
to  look  at  solutions  that  would  allow  us  to  manage 
everything  from  a  single  point,”  he  says. 

One  area  on  Nadeau’s  radar  is  access  control.  Today 
the  university  uses  an  open  source  wireless  authenti¬ 
cation  client,  SecureW2,  to  manage  wireless  access. 
The  setup,  however,  requires  students  to  bring  in  their 
laptops  so  IT  can  install  and  configure  the  client  soft¬ 
ware.  “If  that  load  turns  out  to  be  as  big  as  we  think  it 
will  be,  we  will  need  to  look  at  another  solution,”  he 
says.  “That’s  the  next  phase  in  our  wireless  project.” 

Analysts  expect  WLAN  infrastructure  vendors  will 
continue  to  bolster  their  built-in  management  capabil¬ 
ities  and  begin  to  eliminate  the  need  for  third-party 
overlay  services.  For  example,  vendors  are  getting  bet¬ 
ter  at  RF  monitoring,  Burton  Group’s  DeBeasi  says. 

“There  are  separate  companies  selling  devices  to 
allow  you  to  monitor  what’s  happening  on  your  wire¬ 
less  network  on  a  physical  layer,  but  they’re  not  inte¬ 
grated  into  the  management  tools.  Over  the  next  two 
or  three  years  . . .  companies  like  Cisco  and  Aruba  will 
be  integrating  those  capabilities  right  into  an  access 
point,”  he  says. 

Tighter  integration  will  reduce  the  number  of  con¬ 
soles  and  increase  functionality.  For  example,  network 
managers  should  be  able  to  take  action  automatically 
in  response  to  environmental  conditions,  such  as  inter¬ 
ference  or  an  oversubscribed  access  point.  “If  you 
monitor  in  an  integrated  way,  and  you  see  a  problem 


you  can  then  use  expert  intelligence  built  into  your 
controller  to  tell  the  access  point,  ‘Do  this.’  If  you  have 
an  overlay  network,  you  can’t  take  any  action  without 
involving  a  human  being,”  DeBeasi  says. 

Bo  Mendenhall,  principal  information-security  archi¬ 
tect  at  the  University  of  Utah  Health  Sciences  Center 
(UUHSC),  has  seen  the  beginning  of  such  improve¬ 
ments.  The  Salt  Lake  City  institution,  an  AirDefense 
customer,  depends  on  the  vendor’s  sensor-based  secu¬ 
rity  software  to  monitor  its  wireless  landscape  and 
detect  rogue  access  points  and  suspicious  traffic. 

Four  years  ago,  wireless  access-point  vendors 
weren’t  offering  that  kind  of  functionality.  Lately  that’s 
been  changing,  Mendenhall  says.  For  example,  UUHSC 
is  almost  done  upgrading  its  WLAN  infrastructure  with 
Aruba  products,  which  include  air  monitors  that  per¬ 
form  functions  similar  to  those  of  the  AirDefense  sen¬ 
sors.  Mendenhall  isn’t  ready  to  give  up  his  AirDefense 
products  but  admits  their  functionality  overlaps  some 
with  the  Aruba  systems.  “But  Aruba  doesn’t  have  the 
level  of  granularity  that  AirDefense  gives  us,”  Men¬ 
denhall  says.  “If  we  need  more  in-depth,  forensic-type 
information,  or  more  long-term  trending  information, 
we  still  look  to  AirDefense.” 

Mendenhall  says  he  can  envision  the  two  vendors’ 
functionality  continuing  to  converge,  but  it  could  take 
a  year  or  two.  In  the  meantime,  using  the  two  systems 
in  tandem  lets  UUHSC  validate  information.  “If  we  see 
something  in  Aruba,  we  can  go  back  into  AirDefense 
and  see  if  we  see  the  same  type  of  traffic  pattern  or 
attack.  There  are  benefits  to  having  both  systems.” 


On  the  management  front,  the  Aruba  gear  fits 
Mendenhall’s  desire  for  centralized  WLAN  handling.  “I 
wanted  one  console  for  someone  to  be  in  on  a  daily 
basis,  regularly  looking  for  the  operational  as  well  as 
the  security  problems,”  Mendenhall  says.  One  of  the 
benefits  is  that  all  the  logs  are  in  one  place,  which 
makes  it  easier  to  troubleshoot  problems,  he  says. 
With  Aruba’s  centralized  console,  it  takes  just  1.25  full¬ 
time  employees  to  manage  UUHSC’s  wireless  network, 
which  has  500  access  points  and  air  monitors,  he  says. 

Greatness  to  follow  integration 

Things  eventually  will  get  even  better  in  terms  of 
management  for  enterprises,  experts  say. 

The  elements  are  expected  to  come  together,  be¬ 
cause  it  makes  sense  that  they  do,  says  Craig  Mathias, 
principal  at  the  Farpoint  Group.  “There’s  roughly  90% 
commonality  between  what  goes  on  in  a  wired  network 
and  what  goes  on  in  a  wireless  network,”  he  says.  “It 
doesn’t  make  sense  to  have  two  different  directory 
services,  two  different  security  systems.  Everything 
can  be  put  in  one  place  and  centrally  managed.” 

Enterprises  will  wind  up  with  a  single  hierarchy  of 
management  tools  that  govern  wired  and  wireless  — 
even  mobile  devices  —  and  those  tools  will  be  driven 
by  policies,  he  predicts.  “You’ll  say,  ‘This  specific  user 
has  the  following  capabilities  and  this  level  of  priority.’ 
The  network  then  just  implements  the  policy.” 

Brandeis’  Turner,  for  one,  looks  forward  to  that  day: 
“1  would  love  to  have  the  same  visibility  into  our  wired 
network  that  we  do  into  our  wireless  network.”  ■ 


against  Web  threats 


With  the  ScanSafe  Web  security  team  on  your  side,  you’ll  have  an  unfair  advantage  in  the  fight  against  spyware,  viruses,  phishing 
and  other  Web-based  threats.  Blocking  malware  and  unwanted  content  before  they  reach  your  network,  our  managed  services 
eliminate  the  burden  of  managing,  maintaining  and  updating  your  in-house  security  infrastructure,  freeing  you  to  focus  on  business 
critical  IT  projects. 

Our  support  team  and  threat  experts  are  available  around-the-clock,  protecting  your  network  from  the  latest  outbreaks.  All  our 
services  are  backed  by  SLAs  that  guarantee  pure,  safe  Internet  content  at  up  to  a  40%  lower  cost  of  ownership  than  hardware 
solutions.  Let  our  managed  services  be  your  instant  Web  security  team,  helping  you  turn  the  tables  on  Web  threats  you  face  today 
and  the  new  malware  threats  of  tomorrow. 


ScanSafe 


Your  Web  Security  Team 


To  learn  more  call  1 -866-4-PORT-80 
Or  visit  www.scansafe.com 
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From  your  own  personal  realm  to  the  big  wide  WAN,  the  wireless 
Craig  Mathias,  principal  of  the  Farpoint  Group,  offers  a  guide  to 


Enterprise  Wi-Fi 

The  number  of  enterprise  Wi-Fi  installations  is  growing,  as  systems 
based  on  centralized  architectures  proliferate,  performance  improves  and 
costs  decline.  A  particularly  exciting  trend  is  the  introduction  of  unified 
wired-wireless  switches. 


Point-to-point  microwave 

This  is  used  most  commonly  for  bridging  voice  and  data  networks  in 
buildings  separated  by  a  few  miles  or  less,  or  for  carrier  bypass. 
Standardized  interfaces  make  this  a  drop-in  replacement  for  wire, 
allowing  flexibility  and  easy  integration. 


Bluetooth  headsets  and 
wireless  USB 

Look  in  your  average  office  cubicle  today,  and 
you'll  find  one  or  the  other  —  or  both  —  of  these 
wireless  gadgets. 

Bluetooth  is  found  most  often  in  cell-phone  head¬ 
sets,  but  it  also  can  be  used  for  a  wide  variety  of 
datacentric  functions,  including  synchronization 
and  file  transfer. 

The  advent  of  radios  based  on  very-high-through- 
put  ultra-wideband  (UWB)  technology  is  resulting 
in  products  that  implement  the  Universal  Serial  Bus 
2.0  specification  —  but  don’t  need  a  USB  cable. 
Wireless  USB  is  only  one  variant  of  UWB;  also 
expect  to  see  it  in  consumer  electronics  (for  exam¬ 
ple,  wireless  video  links)  and  used  with  Bluetooth's 
wide-ranging  protocol  stack. 


Converged  cellular  and  Wi-Fi 

One  of  the  most  interesting  developments  in  wire¬ 
less  today  is  the  convergence  of  cellular  and  Wi-Fi 
technologies  into  an  integrated  voice-data  offering. 
While  many  enterprises  are  waiting  for  cell  opera¬ 
tors  to  roll  out  services  based  on  the  Unlicensed 
Mobile  Access  or  IP  Multimedia  Subsystem  archi¬ 
tectures,  today  companies  can  use  premises  equip¬ 
ment  and  appropriate  software  running  on  dual¬ 
mode  (cellular  and  Wi-Fi)  handsets  to  provide  single¬ 
number  access  and  PBX  integration  to  reduce  costs 
and  improve  productivity. 


|  ZigBee 

This  short-range,  low-power  radio  technology  is 
suited  especially  for  such  sensor-based  applica¬ 
nt  tions  as  monitoring,  telemetry,  control  and  automa- 
|  tion.  ZigBee  nodes  can  be  used  to  build  complex 
5  meshes  for  commercial  and  industrial  applications, 
p  Examples  include  logistics  management,  security, 
|  energy  control,  remote  control,  and  location  and 
I  tracking. 
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Spotlight;  on 
wireless  &  mobility 


Drld  is  exploding  with  new  and  advancing  technologies, 
this  emerging  landscape. 


WiMAX 

Current  WiMAX  deployments  primarily  follow  the  IEEE  802.16-2004  standard, 
which  is  used  mostly  to  implement  fixed,  point-to-multipoint  access  services.The 
newer  802.16e-2005  standard  adds  mobility,  and  is  directly  comparable  to  broad¬ 
band  services  on  cellular  networks.  Mobile  WiMAX  is  the  first  wide-area  4G  tech¬ 
nology,  and  will  include  wireless  VoIP  capability. 
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Hotel  Wi-Fi 

Many  business  travelers  depend  on  their  accommoda¬ 
tions' Wi-Fi  networks.  As  an  alternative,  some  road  war¬ 
riors  use  cellular  data  PC  cards,  which,  despite  their 
monthly  service  charges,  can  be  cost  effective. 


mm 


Radio  frequency  identifacatia 

You  can  think  of  RFID  as  a  radio  version  of  barcodes. 
But  RFID  tags  are  pricier  than  bar  codes,  so  for  now 
they  mostly  track  high-value  items  in  manufacturing, 
healthcare,  and,  as  here,  logistics  and  transpcrtat 


Push  to  talk 

Modern  digital  PTT  or  P2T  systems  offer  nationwide 
coverage  and  increasingly  are  implemented  as  IP  traffic 
on  top  of  cellular  data  services.  PTT  is  especially  valu¬ 
able  in  field-based  occupations,  such  as  construction  and 
real  estate.  PTT  is  half-duplex  technology  and  requires  a 
handset  equipped  with  this  capability. 


Metro-scale  Wi-Fi 

More  than  400  municipalities  worldwide  are  examining 
or  have  deployed  Wi-Fi  services,  often  via  low-cost  wire¬ 
less-mesh  systems.  Expect  ubiquitous  access  over  the 
next  decade,  and  for  throughput  and  reliability  to 
advance  dramatically,  as  products  based  on  the  IEEE 
802.1  In  standard  start  to  appear  in  late  2007. 


Residential  Wi-Fi 

Many  residential  Wi-Fi  products  offer  implementations 
based  on  the  multiple-input  multiple-output  (MIMO) 
technology,  which  forms  the  core  of  the  IEEE  802.1  In 
standard.  MIMO  system  performance  is  as  much  as  five 
times  that  of  most  802.11g-based  products,  with  corre¬ 
sponding  improvements  in  coverage  and  range. 


Cellular  voice  and  data 

Today  cellular  capacity  is  deployed  on  towers,  and  on  microcells  installed  in  such  high-densi¬ 
ty  facilities  as  convention  centers  and  larger  enterprises,  to  deliver  effective  throughput  of  as 
much  as  1Mbps.  Code  Division  Multiple  Access  (including  IxEV-DO  for  broadband  data)  and 
GSM/Universal  MobileTelecommunications  System  are  the  two  major  U.S.  systems. 
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McDonald’s  wireless  network  sizzles  wii 
thousands  of  consumer  hot  spots  and 
juicy  applications  for  franchisees. 


BY  SUSAN  BREIDENBACH 


There’s  something  in  the  air  at  McDonald’s 
these  days,  and  it’s  not  just  the  wafting  scent  of 
Big  Macs  and  french  fries.  Wireless  Internet 
access  is  on  the  menu  in  a  growing  number  of 
locations  as  the  world’s  largest  fast-food  restaurant  chain  seeks 
to  give  its  famous  Golden  Arches  a  more  digital  flavor. 


McDonald's  is  three  years  into  its  big  Wi-Fi  push,  which  so  far 
has  brought  wireless  connectivity  to  more  than  7,500  of  the  com¬ 
pany's  13,700  restaurants  in  the  United  States. 

The  Wi-Fi  project  is  part  of  a  huge  re-imaging  campaign  McDonald’s 
launched  in  2003  to  bolster  its  brand  association,  which  had  hit  an 
all-time  low.  The  nation  faced  an  obesity  epidemic,  and  some  vocal 
critics  and  overweight  customers  were  holding  fast  food  in  general 
—  and  McDonald’s  in  particular  —  largely  responsible  for  it. 
McDonald’s  addressed  the  food  issues  by  mixing  salads  and 
grilled  chicken  in  with  its  traditional  burger  fare,  but  the  com¬ 
pany’s  much  bigger  challenge  was  a  cultural  shift  into  an 
increasingly  intangible  economy  with  its  digital  culture.  Facing 
a  world  in  which  experiences  are  becoming  as  real  and  eco¬ 
nomically  valuable  as  steel  and  automobiles  —  much  less 
Quarter-Founders  with  Cheese  —  McDonald’s  sees  Wi-Fi  as  a 
vyay  to  add  a  fourth  dimension  —  digital  services  —  to  its  tra¬ 
ditional  offerings  of  food,  convenience  and  price. 

“-people  are  using  restaurants  very  differently  these  days 
as  lifestyles  have  changed,”  says  Tom  Gergets,  director  of 

’  «'**  .v-  •.♦  ■■  y  *.‘,y  .  »*.■  •  .  $/*'• 

technology  and  infrastructure  for  McDonald’s  U.S.  opera- 
tions  in  Oak  Brook,  111.  “We’ve  really  had  to  contemporize 
ahd  create  modern,  relevant  in-restaurant  experiences.” 
hi  o.ther  words,  McDonald's  is  trying  to  morph  from  a 
\  drive-through  to  a  destination  —  a  place  where  people  go 
...  ’  to.  meet  and  socialize  or  play,  or  even  get  some  work- 
*  .related  e?mall  done.; 

*  ‘ 

^  ’  ;  Becoming,  a.  destination  involves  quite  a  transformation. 

!  When  the.  first  Wi-Fi  pilot  started,  60%  of  McDonald’s  busi- 
nes§  was  done  at  the  drive-through  window,  and  people  who 
y  came  inside  only  because  the  drive-through  line  was  too 
Is.  long  accounted  for  a  big  chunk  of  the  remaining  40%. 

V  Faft  ,of  this  transformation  is  happening  through  a 
rnajqr  remodeling  of  sites  that  results  in  more  comfort- 
seating,  segmented  areas  for  children,  teens  and 

See  McDonald's,  page  56 


We  don’t  dictate  technology 
to  franchisees.  Rather,  we 
develop  new  services  [like 
Wi-Fi]  they  can  adopt. 


TOM  GERGETS,  director  of  technology  and  infrastructure. 
McDonald's 
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CommandCenter®  NOC  puts  everything  you  need  to  diagnose  and  repair  faults  at  your  fingertips. 


Whether  you  manage  10  servers  or  250,  problems  continually  arise.  Raritan's  CommandCenter  NOC  seamlessly 
integrates  availability  and  performance  monitoring,  along  with  asset  and  security  management  into  a  single 
dashboard  that  cuts  through  the  barriers  of  complexity,  time  and  distance  to  simplify  and  accelerate  IT  operations 
and  give  your  staff  two  of  the  most  precious  resources  of  all  -  Knowledge  and  Time.  The  knowledge  to  spot 
and  fix  problems  before  they  cause  downtime,  and  more  time  to  spend  on  activities  that  grow  your  business. 
It's  all  part  of  the  future  of  IT  infrastructure  management.  From  Raritan. 

Time  is  everything.  So  contact  us  today  to  schedule  a  live 
on-line  test  drive. 

www.HyperAccessControl.com 

©  2006  Raritan.  Inc.  All  rights  reserved.  Raritan.  CommandCenter  and  Hyper-Access  are  trademarks  or  registered  trademarks  of  Raritan,  Inc.  or  its  wholly  owned  subsidiaries 
The  e-mail  notification  in  the  picture  shows  graphics  for  emphasis.  The  notifications  in  the  current  CC-NOC  release  are  plain  text,  compatible  with  any  SMTP  e-mail  client. 


When  you're  ready  to  take  control® 
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McDonald's 

continued  from  page  54 

adults,  better  lighting  and  floors,  and  even  an  occa¬ 
sional  fireplace.  Even  more  is  riding  on  a  digital  over¬ 
haul  that  provides  state-of-the-art  wireless  technology. 

Doing  business  in  the  experience  economy 

It’s  a  tall  order  but  a  necessary  one, says  B.  Joseph  Pine,  co¬ 
author  of  The  Experience  Economy  and  co-founder  of  busi¬ 
ness  consultancy  Strategic  Horizons.“The  key  differentiator 
between  offering  a  service  and  creating  an  experience  is 
time.  If  you  view  spending  time  with  your  customers  as 
costing  you  money  and  your  customers  want  to  spend  as 
little  time  as  possible  with  you,  you  are  becoming  a  com¬ 
moditized  service,”  he  says. 

“But  if  you  view  spending  time  with  your  customers  as 
opportunities,  and  your  customers  love  to  spend  more 
time  with  you,  you  can  stage  a  valuable  experience. 
And  the  more  time  they  spend,  the  more  money  they 
spend  —  that’s  the  basic  strategy  behind  putting  Wi-Fi 
in  restaurants  and  other  retail  locations.  McDonald’s 
has  created  a  venue  where  customers  can  come  and 
have  access  to  the  experiences  they  want,  when  and 
how  they  want  them,”  Pine  says. 

McDonald’s  began  its  Wi-Fi  experiments  with  a  few  in¬ 
restaurant  pilot  installations  based  on  a  model  that 
integrates  value-added  applications,  such  as  e-mail 
access  for  customers,  with  core  services,  such  as  busi¬ 
ness  applications  for  franchisees.  Then  came  the  chal¬ 
lenge  of  implementing  that  model  across  an  organiza¬ 
tion  the  size  and  scope  of  McDonald’s. 

In  2004,  the  company  set  out  to  test  the  concept  and 
evaluate  potential  service  partners  in  three  metropoli¬ 
tan-area  markets:  Cometa  Networks  and  AT&T  in  New 
York,  Toshiba  in  Chicago,  and  Wayport  in  the  San 
Francisco  Bay  area.  It  compared  such  criteria  as  busi¬ 
ness  models,  service  levels,  ability  to  attract  customers 
and  impact  on  core  operations. 

Wayport  won  a  very  public  bake-off;  third  parties,  such  as 
AT&T  and  Nintendo,  signed  up;  and  McDonald’s  rapidly 
began  deploying  the  service  to  restaurants. Today  walk-up 
customers  can  pay  $2.95  for  two  hours  of  wireless  Internet 
access.  Alternatively  customers  can  get  unlimited-use  of  the 
entire  Wayport  network  for  $29.95  per  month,  or  access  via 
participating  vendors,  such  as  AT&T. 

Nintendo  DS  users  have  given  the  network’s  Nintendo 
gaming  utility  rave  reviews,  and  franchisees  have 
begun  enjoying  the  benefits  of  a  major  infrastructure 
upgrade  that  streamlined  business  operations. 

The  Wi-Fi  service  being  sold  to  customers  “is  just  a 
small  part  of  the  benefit,” says  Don  Armstrong,  a  27-year 
veteran  of  McDonald’s  franchisee  team  who  has  1 1 
restaurants  in  the  Beaverton  and  Hillsboro  areas  of 
Oregon.  “The  real  benefit  was  getting  a  high-speed 
infrastructure  to  access  the  business  information  we 
need  to  manage  the  restaurants  better.” 

Armstrong  is  a  member  of  McDonald’s  Store 
Technology  Board,  an  elected  group  of  franchisees  that 
serves  as  a  sounding  board  for  the  company’s  restau¬ 
rant-systems  development  efforts.  Board  members  are 
drawn  from  among  the  more  technologically  savvy 
franchisees,  and  yet  the  pre-Wayport  network  infra¬ 


structure  in  Armstrong’s  restaurants  consisted  of  “just 
telephone  lines  and  Sneakernet”  —  a  fairly  typical 
arrangement  across  all  franchisee  locations  at  the  time. 

The  rollout  was  well  underway  by  the  time  McDonald’s 
celebrated  its  50th  birthday  in  2005,  but  ongoing  deploy¬ 
ment  of  the  Wayport  Wi-Fi  solution  depends  on  franchisees’ 
wishes  and  requirements,  and  may  never  reach  100%. 
Some  2,400  McDonald’s  restaurants  are  in  locations 


Picking  the  right 
Wi-Fi  provider 

Considering  the  scale  of  the  McDonald's  Wi¬ 
Fi  project  —  which  is  intended  to  bring  wire¬ 
less  connectivity  to  thousands  of  restaurants 
—  the  cookie-cutter  rollout  has  gone  smooth¬ 
ly.  The  equipment  is  providing  a  flexible  and 
secure  foundation  for  public  access  and 
business  transactions.  Paramount  was 
selecting  the  right  service-provider  partner, 
says  Tom  Gergets,  director  of  technology  and 
infrastructure  for  McDonald’s  U.S.  operations 
in  Oak  Brook,  III.  He  evaluated  service 
providers  on  the  following  key  attributes: 

•  An  appropriate  service-level  agreement  and 
the  ability  to  meet  it. 

•  Great  end-user  support  for  the  restaurant’s 
customers,  as  well  as  its  staff. 

•  A  business  model  that  supported  a  variety 
of  services,  including  offerings  from  addition¬ 
al  service  providers. 

The  bottom  line,  Gergets  says,  is  that  there  is 
nothing  all  that  different  about  deploying  Wi¬ 
Fi:  “People  who  understand  technology 
deployment  in  a  venue  like  ours,  and  have  a 
good  set  of  processes  in  place,  are  able  to 
leverage  the  same  skills  for  deploying  wire¬ 
less  infrastructures.” 

— S.  Breidenbach 
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that  can  get  broadband  access  only  via  satellite  con¬ 
nections,  which  do  not  support  the  Wi-Fi  infrastructure. 

Getting  franchisees  on  board 

Before  its  2003  nadir,  McDonald’s  had  focused  its  growth 
efforts  on  adding  new  locations.  Since  then,  its  emphasis 
has  shifted  to  building  more  sales  at  existing  locations.The 
availability  of  wireless  access  is  intended  to  attract  more 
people  to  its  restaurants  and  keep  them  there  longer. 

“We  are  starting  to  see  people  coming  into  the  restaurants 
to  get  online  and  just  buying  a  drink,”  says  Allen  Benton,  a 
second-generation  McDonald’s  franchisee  with  18  loca¬ 
tions  in  the  greater  Austin  area. 

These  customers  have  lots  of  hot  spots  to  choose  from  in 
such  a  technology-intensive  area,  so  Benton  woos  them  by 
providing  coupons  for  free  Wi-Fi  access.  “We  want  to  be 
their  convenient  choice  for  Wi-Fi,”he  says.  Employees  are 
told  to  keep  an  eye  peeled  for  laptops  and  pass  out  the 
coupons.  Similarly  a  big  Nintendo  tournament  was  aimed 
at  the  younger  customers. 


Technology  changes,  however,  can’t  be  forced  on  the 
3,000-plus  franchisees  that  own  and  operate  some  85% 
of  McDonald’s  U.S.  restaurants.  The  McDonald’s  corpo¬ 
rate  group  has  to  sell  them  on  any  new  technology  and 
convince  them  that  its  benefits  fit  their  needs  and  out¬ 
weigh  the  costs  and  risks  involved. 

Some  franchisee  cooperatives,  which  traditionally 
focus  on  purchasing  and  advertising,  had  dabbled  in 
deploying  technology  before  McDonald’s  Wi-Fi  ven¬ 
ture,  but  deployments  were  spotty  and  inconsistent. 
With  the  Wayport-based  technology,  McDonald’s  is 
offering  a  standard,  turnkey  Wi-Fi  infrastructure  all  fran¬ 
chisees  can  use  for  back-office  and  customer-facing 
applications,  as  well  as  hot-spot  Internet  access. 

“McDonalds  is  a  bit  of  a  consulting  and  sales  organiza¬ 
tion  for  its  franchisees,”  Gergets  says.  “We  don’t  dictate 
technology  to  franchisees.  Rather,  we  develop  new  serv¬ 
ices  they  can  adopt.”  Armstrong  acknowledges  that  adop¬ 
tion  of  the  Wayport  solution  was  “a  big  undertaking,”  but 
likened  it  to  the  installation  of  water  and  sewer  lines: 
“Once  they  are  in,  the  real  work  can  begin,”  he  says. 

The  other  side  of  the  hot  spot 

Inevitably,  some  franchisees  have  trouble  seeing  the 
value  of  the  wireless  experience  to  their  customers. 
Traditional  restaurateur  thinking  revolves  around  table 
turnover  rather  than  encouraging  customers  to  hang 
around.  This  newfangled  fourth-dimension  stuff  could 
blow  a  winning  business  formula  to  smithereens. 

A  key  driver  of  wireless  at  McDonald’s,  however,  was 
the  strong  demand  from  franchisees  with  cash-only 
restaurants  who  wanted  to  start  accepting  credit  and 
debit  card  payments  from  customers. That  a  way  to  do 
this  could  be  overlaid  on  the  Wi-Fi  infrastructure  got 
their  attention  very  quickly.  Although  the  customer- 
access  side  of  the  Wi-Fi  implementation  met  with  some 
skepticism,  franchisees  could  see  the  immediate  bene¬ 
fits  of  a  flexible,  high-speed  network  for  their  customer¬ 
facing  and  back-office  applications. 

“One  of  our  goals  was  to  ensure  that  the  network 
could  be  used  for  multiple  applications,  and  support 
new  applications  in  the  future,”  Gergets  says.  “The  cus¬ 
tomers  and  employees  can  share  the  same  infrastruc¬ 
ture  securely.  We  had  to  comply  with  the  very  high  stan¬ 
dards  of  the  payment  card  industry, so  we  had  to  imple¬ 
ment  a  very  secure  solution.”  Gergets  declined  to  pro¬ 
vide  details,  but  said  the  services  were  audited  by  third- 
party  entities. 

The  Wi-Fi  infrastructure  also  allows  rapid  deployment 
of  new  tap-and-go-card  payment  technologies,  includ¬ 
ing  the  Arch  Card  that  McDonald’s  introduced  last  fall. 
Instead  of  a  magnetic  strip  that  has  to  be  scanned  and 
can  become  unreadable,  the  cards  contain  embedded 
RFID  chips  that  transmit  information  more  quickly  and 
reliably. The  point-of-sale  solution  is  independent  of  the 
in-restaurant  Wi-Fi  network,  but  shares  the  Wayport  con¬ 
nection  for  transport  and  authorization. 

“We  had  wanted  to  take  credit  and  debit  card  pay¬ 
ments  for  a  long  time,  and  the  Wayport  infrastructure 
enables  this,”  Armstrong  says.  The  ability  to  pay  elec¬ 
tronically  “brings  new  customers  into  the  restaurants 
who  might  otherwise  have  gone  elsewhere.” 

See  McDonald's,  page  60 


©Server  Technology,  Inc.  Sentry  is  a  trademark  of  Server  Technology,  Inc. 


With  Sentry!  LJ  IP— 

CDU  Product  Family:  Metered,  Smart  &  Switched 

■ 


Server  Technology,  Inc. 
1040  Sandhill  Drive 
Reno,  NV  89521 
USA 


Don't  let  nehuorh  potuer 
issues  give  p  a  headache 


Manage  prsiistems  power  Iron 
anquihere.aiii|limeiiii 


START 


Presenting 

Tiered  Infrastructure  Maintenance  Standards™  (TIMS) 


The  data  center  was  originally  designed  and 
built  to  minimize  downtime.  However;  times 
change.  Dependence  expands.  Demand 
grows.  Expectations  surge.  New  was  nice,  but 
maintenance  will  be  the  difference  between 
Up...  and  Down. 

To  help  you  achieve  your  data  center's 
maximum  uptime  potential,  Lee  Technologies 
established  Tiered  Infrastructure  Maintenance 
Standards™  (TIMS).  TIMS  offers  a  systematic 
guide  to  netting  more  9s  of  reliability  out  of 
your  data  center  by  applying  standardized 
maintenance  practices  and  procedures. 

Trust  the  industry's  most  respected 
provider  of  mission-critical  infrastructure 


solutions  to  set  the  standard  for  maintenance 
that  means  uptime...  Lee  Technologies. 

For  your  FREE  TIMS  Whitepaper, 
call  877-654-9662  or  visit 
www.leetechnologies.com/tims. 
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Nothing  gives  you  a  bigger  headache  than  infrastructure 
hardware  and  software  problems  at  the  wrong  time. 
Often  these  issues  cost  you  valuable  system  downtime 
and  require  a  site  visit  to  reboot  hardware.  Let 
SMARTstart  remote  power  distribution  systems  show 
you  the  efficient  way  to  manage  your  system's  power. 


•  Trusted  by  major  OEM's 


•  Reboot  from  anywhere,  anytime  via  web  or 
TCP/IP 


•  Remote  power  distribution  and  circuit  protection 
for  AC  or -48  VDC  or +24  VDC  systems 


•  Auto  reset  circuit  breaker  feature  addresses 
no  fault  breaker  trips  for  DC  systems 


io  mane 

headache  remedy,  visit 

rnmspeqwwer.com/smart 


•  AC  PDU  features  auto  power  on  sequence  in  the 
event  of  power  outages.  This  prevents  potential 
damage  as  a  result  of  inrush  currents  when 
power  is  suddenly  restored. 


SPECTRUM  CONTROL  INC. 
Power  Management  Systems  Group 


toll  free +1.800.835.1515 
tel  +1.775.284.2000 
fax  +1.775.284.2065 


www.servertech.com 

sales@servertech.com 
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The  Sentry  CDU  distributes  power forBJadeV 
servers  or  up  to  42  dual-power  1U  servers  /  ;yr- 
in  one  enclosure.  Single  or  3-phase  input 
with  110VAC,  2 08 VAC  or  mixed  110/208VAC 
single-phase  outlet  receptacles.  -  ■ 


Metered  CDU 

>  Local  input  Current  Monitoring 
Smart  CDU 

>  Local  Input  Current  Monitoring 

>  Supports  External  Temperature  and 
Humidity  Probes 

>  IP  Monitoring  of  Power  Temperatures 
and  Humidity 

Switched  CDU 

>  Local  input  current  Monitoring 

>  Supports  External  Temperature  and 
Humidity  Probes 

>  IP  Monitoring  of  Power,  Temperatures 
and  Humidity 

>  Remote  Power  Control  of  Each  Outlet 
—  On  /  Off  /  Reboot 


How  Do  You  Distribute 
Power  in  Your  Data 
Center  Cabinet? 
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.INFRASTRUCTURE  LOG 

_DAY  45:  These  underutilized  storage  boxes  have  proliferated 
exponentially.  Their  inability  to  share  capacity  has 
doomed  us.  We’re  trapped  in  a  maze  of  our  own  creation. 

_DAY  47:  I  tried  to  give  Gil  a  boost  over  this  wall,  but 
he  pulled  a  hammie. 

_DAY  48:  I’ve  taken  back  control  with  IBM  System  Storage™ 
SAN  Volume  Controller.  It  puts  my  entire  storage  universe 
into  a  simple,  virtualized  pool.  And,  unlike  EMC,  IBM  has 
fourth-generation  virtualization  technology  and  over  2,000 
customers.  I  am  seeing  results. 

.Productivity  is  up.  Utilization  is  up.  I.T.  guys  lost  in 
mazes  of  data  is  down. 


IBM.COM/TAKEBACKCONTROL/STORAGE 


BO 


The  New  Date  Center 


www.  network  war  Id .  com/supp/2006/ndc/ 


October  S3,  8006 


McDonald's 

continued  from  page  56 

Faced  with  the  technology 
expectations  of  his  Austin-area 
customers,  Benton  already  had 
implemented  in-restaurant  Wi-Fi 
access  and  electronic  payments 


based  on  MegaPath  Networks 
services.  However,  the  MegaPath 
solution  had  no  fallback  capabil¬ 
ity  when  the  broadband  connec¬ 
tion  was  down.  Payment  transac¬ 
tions  had  to  be  stored  locally  and 
uploaded  when  the  connection 
was  restored, resulting  in  losses  for 


the  restaurants  when  payments 
were  refused.  In  contrast, Wayport 
offers  dial  backup. 

Benton  also  uses  the  Wayport 
infrastructure  to  run  specialized 
enterprise  software  that  lets 
supervisors  access  and  analyze 
business  variables,  such  as  daily 


sales  and  drive-through  speeds. 

McDonald’s  franchisees  can 
deploy  other  applications  on 
top  of  their  Wi-Fi  infrastructure: 
sales  data  reporting,  IP  tele¬ 
phony,  kiosks,  mobile-worker 
access,  digital  publications  and 
e-learning.  Armstrong’s  fran- 


Qrtronics 


Introducing  the  Wi-Jack  Duo',"  the  world's  smallest, 
thinnest  802.1 1  a/b/g  wireless  access  point.  Its 
centrally  managed  thin  AP  technology  means  better 
security  and  easier  management.  The  sleek  design 
fits  unobtrusively  into  a  standard  wall  box  and 
supports  an  optional  network  port.  Thin  is  in  for  higher 
performance  in  wireless  network  performance. 


Get  the  story  on  why  the  Wi-Jack  Duo  is  the  perfect 
wireless  solution  by  calling  800-934-5432  or  visiting 

www.ortronics.com/wi-jack 
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chise  operation  is  using  the 
wireless  network  to  deliver 
employee  training  and  support 
video  surveillance.  If  there  is  an 
incident  in  a  McDonald’s  res¬ 
taurant,  management  can  ac¬ 
cess  the  location  remotely  and 
see  what  is  going  on. 

The  perfect  venue 

With  its  Wi-Fi  project,  Mc¬ 
Donald’s  is  trying  to  take  that 
most  recognizable  of  all  corpo¬ 
rate  logos  and  influence  people 
to  associate  it  with  interactive 
experiences  that  are  useful, 
informative  or  just  plain  fun. Yet 
what  Wi-Fi  does  for  McDonald’s, 
very  well  could  be  dwarfed  by 
what  Wi-Fi  —  and  ubiquitous 
broadband  wireless  connectiv¬ 
ity  in  general  —  get  from 
McDonald’s.  After  all,  it’s  some¬ 
thing  of  a  maxim  in  the  restau¬ 
rant  business  that  when 
McDonald’s  jumps  on  board 
something,  it’s  officially  a  trend. 

Consequently,  some  view  the 
McDonald’s  Wi-Fi  venture  as  an 
important  way  station  on  the  road 
to  pervasive  connectivity.  Truly 
pervasive  connectivity  requires 
that  municipalities  and  service 
providers  blanket  communities 
with  broadband  wireless  cover¬ 
age,  and  that  is  still  a  lot  more 
promise  than  reality 

“Eventually  McDonald’s  may  be 
swamped  by  the  fact  that  a  serv¬ 
ice  provider  is  delivering  wireless 
access  and  just  including  Mc¬ 
Donald’s  real  estate  because  it  is 
so  ubiquitous,”  Pine  says.  As  Way- 
port  CEO  Dave  Fucina  remarked 
when  the  Wayport-McDonald’s 
partnership  was  announced  in 
April  2004, “The  broadband  family 
needs  a  seamless  extension  of 
home  and  office  connectivity,  and 
McDonald’s  is  the  perfect  venue 
to  meet  that  need.” 

In  the  meantime,  McDonald’s 
is  providing  a  point  of  access 
and  showing  customers  — 
including  a  lot  of  young  people 
who  will  be  reshaping  our  cul¬ 
ture  —  that  they  can  get  con¬ 
nected  at  a  lot  more  places. 

Breidenbach  is  a  freelance 
technology  writer  based  in 
Reno,  Nev.  She  can  be  reached  at 
sbreiden  bach  @usa.  net. 
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Eliminate  your  shop-floor 
PCs  with ... 

Ethernet  Terminals  from 
ComputerWise  connected  to 
your  in-house  LAN. 

Capture  production  data 
directly  into  files  on  your 
server. 


Features  C  Benefits 

•  Interactive  Telnet  Client 

•  TCP/IP  over  10/IOOBaseT  Ethernet 

•  Built-in  Barcode  Badge  Reader 

•  Optional  Mag-Stripe  &  RFID  Badge  Reader 

•  Auxiliary  RS-232  Serial  port 

•  Customizable  Data  Collection 
Program  Included 

.  Larger  keyboard  and 
display  sizes  available 
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Call  1-800-255-3739  or  visit  www.computerwise.com 
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COMPLETE  WI-FI  MEASUREMENT  SYSTEM 
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•  Monitor  all  2.4  GHz  and  5  GHz  Wi-Fi  bands  plus 

4.94  to  4.99  GHz  public  safety  band 

•  Includes  directional  and  omni-directional 

antennas  for  all  Wi-Fi  and  public  safety  bands 

•  Battery  operated,  or  power  from  any  worldwide 

line  voltage  or  12  VDC  vehicle  adapter 

•  Download  tabular  or  graphical  measurement  data 

to  a  PC  quickly  and  easily 

•  Automated  data  logging  downloads  data  to  a  PC 

for  hours  or  days  without  an  operator 

•  Fully  programmable  for  remote  monitoring  applications 


Spectrum  Analyzer 
power  at  your  fingertips 


Everything  is  included,  nothing  more  to  buy  Powerful  PC  Interface  Scr:  v-re 


BANTAM  INSTRUMENTS 


www.Bantamlnstruments.com  1  -866-37 1  -6003 
Our  10th  year  of  leadership  in  handheld  spectrum  anoiy.. 
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Spotlight:  on 
wireless  Ek  mobility 


and  cool 


for  the  wir 


These  six  products  get  the  thumbs-up  for 
combining  wow  with  workability. 


BY  JOHN  COX 


ClairMail  lets  users  send  an  e-mail  to  an  application  and  get  back, 
as  shown  here,  customer  account  data. 


BLACKBERRY 


treaming  the  latest  ‘American  Idol”  performances  to  your  cell  phone 
might  be  pretty  cool,  but  it’s  not  going  to  help  your  company  hit  its 
quarterly  numbers.  For  unwired  enterprise  users,  hot  applications 
and  cool  tools  have  to  blend  the  “wow”  factor  with  practicality  and 
payoff.  The  cutting  edge  in  technology  is  always  fascinating,  and 
you  can  see  it  at  its  best  in  our  recent  coverage  of  the  Demo  show,  hosted  by  Network 
World's  Events  group  (see  www.nwdocfinder.com/5723).  However,  for  your 
\  next-generation  infrastructure,  the  New  Data  Center,  we  know  that  hot 
applications  and  cool  tools  for  the  unwired  mean  the  ones  that  combine 
innovation  with  a  track  record  of  performance.  Here  are  our  picks. 


Account  Name:  InsureCo 
Industry:  Insurance 

Billing  Address:  123  Main  St. 
San  Francisco,  CA  94123 
Phone:  (555)  555-1234 

Contact:  Bill  Smith  -VP  Sales 
-  bsrnith@insureco.com 

Open  Activities: 

1.  Send  quote  to  Bill  Smith 


Hot  apps 


Special  delivery:  enterprise  data  via  e-mail 
Company:  ClairMail 
Product:  ClairMail 

You’re  standing  in  front  of  an  irate  customer  in  his 
office,  with  your  smart  phone  in  hand,  and  you 
really  need  to  know  the  details  about  his  late  order. 
Using  your  smart  phone’s  e-mail  program,  you 
select  an  e-mail  address,  enter  the  customer’s  name 
on  the  subject  line,  and  hit  Send.  In  less  than  a 
minute,  you  have  the  data,  pulled  from  your  com¬ 
pany’s  back-end  CRM  system. 

With  ClairMail’s  server  software, you  send  e-mails 
from  your  address  list  not  to  colleagues  but  to 
enterprise  databases  and  applications  with  one 
click.  E-mail  becomes  an  application  interface. 

It’s  addictive,  too.  Employees  at  J2K  Tech¬ 
nology,  a  Garden  City,  N.J.,  IT  services  company 
that  advises  customers  on  what  products  to  buy, 
now  use  ClairMail  routinely,  even  for  Web 
searches,  because  it’s  so  much  faster  and  sim¬ 
pler  than  the  BlackBerry  Web  browser,  says 
Kevin  Bock,J2K’s  president. 

Users  select  CM  Google  from  their  address  list, 
type  in  the  search  terms  and  e-mail  it  to 


ClairMail’s  hosted  service,  which  runs  the  search 
and  returns  the  results. 

Rivals  in  this  space  include  Sybase’s  iAny- 
where  group  and  Sendia,  recently  acquired  by 
Salesforce.com. 

As  a  hosted  service,  ClairMail  is  $5  per  user,  per 
month.  As  an  in-house  appliance  behind  the  cor¬ 
porate  firewall,  pricing  is  $40  per  user,  per  month. 

Mobile  applications  made  simple 

Company:  Dexterra 

Product:  Dexterra  Concert  Platform 

Dexterra  Concert  is  middleware  that  users  say 
dramatically  simplifies  building  and  deploying 
mobile  applications. 

With  Dexterra  Concert,  application  developers 
can  focus  entirely  on  creating  the  client  applica¬ 
tion  using  existing  Microsoft  .Net  or  Java  tools, 
along  with  reusable  components  from  Dexterra.  A 
metadata  repository  and  interfaces  do  the  heavy 
lifting  for  communications. 

“You’re  completely  eliminating  the  issues  of 
synchronizing  data,  authentication  and  network 
communications,"  says  Ron  Fijalkowski,  execu¬ 
tive  vice  president  for  technology  and  central 
services  at  SDI,  a  Bristol,  Pa.,  IT  services  com- 

See  Hot  apps,  page  64 


SUNGARD 

Availability  Services 


Keeping  People 
and  Information 
Connected T 


680  East  Swedesford  Road,  Wayne  PA  19087 
800-468-7483  |  www.availability.sungard.com 


Meet  your  objectives  with  confidence.  For  over 
28  years,  through  2,100  recovery  situations, 
we’ve  delivered  a  100%  success  rate.  With 
solutions  that  achieve  precise  recovery  time- 
frames,  locations  and  data  points. 


And  you  can  maintain  that  control  as  your 
business  evolves.  With  access  to  some  of  the 
most  extensive  data,  system  and  network 
resources  available  anywhere.  Reach  higher 
levels  of  Information  Availability,  at  a  fraction  of 
the  cost  of  building  the  infrastructure  yourself. 


The  right  solution  for  today.  Strong  preparation 
for  tomorrow.  Let  SunGard  show  you  how  to 
expect  the  unexpected. 


Quick,  take  a  snapshot.  Suddenly  part  of  your  IT 
infrastructure  is  inaccessible.  What  happens  to 
your  business? 

SunGard’s  AdvancedRecoverySM  solutions  help 
get  you  back  up  and  running.  Fast.  We  provide 
extensive  options  to  fit  your  exact  requirements, 
from  tape  or  disk  backup,  to  data  replication, 
mirroring,  hotsites,  mobile  solutions  and  more. 


64 


The  New  Data  Center 


www.  networkworld .  com/supp/EOOG/ndc/ 


October  S3,  3006 


Dexterra's  metadata  repository  and  visual  tool 
simplify  mobile  application  development. 

Hot  apps 

continued  from  page  62 

panyan  early  Dexterra  customer.“You  just 
focus  on  creating  the  [client]  business 
logic  and  forget  about  the  infrastructure 
issues  related  to  wireless.” 

Ready-to-use  connectors  link  a  Dex¬ 
terra  server  to  Microsoft  SQL  Server  and 
Oracle  and  SAP  applications.  Dexterra 
also  offers  a  set  of  applications  built  on 
the  Concert  platform,  including  asset 
management,  field  service  and  mobile 
workforce  management. 

Rivals  in  this  space  are  numerous,  includ¬ 
ing  Intellisync,  now  part  of  Nokia,  and  Syclo. 

Pricing  is  based  on  the  complexity  of 
the  deployed  application  and  the  number 
of  Dexterra  components  involved, such  as 
the  interfaces  to  SAP  and  Oracle.  The 
price  for  a  subscription  license  is  $30  to 


set 


$60  per  user,  per  month.  The 
price  for  the  more  traditional 
perpetual  license  is  $200  to 
$900  per  user. 


Tracking  movable  gear 
Company:  PanGo  Networks 
Product:  PanGo  Locator  with 
PanGo  Active  RFID  Tags 
Think  about  how  much  time 
and  money  are  spent  by  staff  at  a 
sprawling  medical  center  or  a 
manufacturing  plant  just  search¬ 
ing  for  the  various  pieces  of 
portable  equipment  they  need 
when  they  need  them.  Now  think 
about  looking  at  a  computer 
screen,  running  a  query  and 
instantly  finding  the  room  where  the  gear 
you  want  is  located.  Now  think  about  doing 
that  with  the  wireless  network  you  already 
have  in  place. 

“It’s  cool  to  watch  devices  in  motion  in 
real  time,”  says  John  Halamka,  CIO  for 
the  Beth  Israel  Deaconess  Medical 
Center  in  Boston. “You  can  view  the  loca¬ 
tion  of  equipment  as  it’s  moved  from 
place  to  place.” 

He  estimates  the  PanGo  system  is  sav¬ 
ing  each  nurse  and  doctor  20  minutes  a 
day  at  the  medical  center.  PanGo 
(named  on  Network  World's  2004  list  of 
start-ups  to  watch.)  employs  active 
radio  tags,  which  use  a  802.11b  radio  to 
transmit  a  signal  that  access  points  or 
special  sensors  pick  up  (conventional, 
supply-chain  RFID  tags  use  a  different 
frequency  and  are  passive  —  a  reader 
beams  a  signal  to  the  tag,  which  uses 
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Slap  an  active  radio  tag  on  such  equipment  as  heart  monitors  and  wheelchairs,  then  track  and 
find  them  with  PanGo  Locator. 


that  energy  to  send  a  response). 

The  PanGo  tags  attach  to  equipment  and 
even  people.The  PanGo  server  also  can  use 
location  data  from  Cisco’s  2700  Location 
Appliance  and  already  established  wireless 
LAN  (WLAN)  access  points;  it  translates  the 
raw  data  into  coordinates  and  puts  them 
on  a  floor  plan  or  map. 

A  rapidly  expanding  group  of  companies 
offer  location  services  technology  They  fall 
into  two  broad  groups.  The  first,  including 
Radianse,RF  Code  and  WhereNet,  typically 
uses  the  unlicensed  but  lower-frequency 
spectrum.  A  newer  group,  including  Aero- 
Scout,  Ekahau  and  PanGo,  base  their  prod¬ 
ucts  on  the  IEEE  802.1 1  WLAN  standard. 

For  about  $100,000,  a  customer  can 
track  500  discrete  assets,  PanGo  says. 
That  investment  includes  PanGo 
Locator,  the  PanOS  systems  software  and 
the  radio  tags. 


Cool  tools 


The  world  in  your  Palm 

Company:  Palm 

Product:  Palm  Treo  700wx  smart  phone 

What’s  cool?  Palm’s  legendary  usabili¬ 
ty  with  a  wealth  of  Windows  applications 
and  tools  and  the  speed  of  Evolution  Data 
Optimized  (EV-DO)  cellular  data  services, 
all  in  a  phone  that  really  is  smart. 

The  newly  released  700wx,  initially  for 
Sprint  Nextel’s  Power  Vision  Network,  intro¬ 
duces  the  Windows  Mobile  Messaging  and 
Security  Feature  Pack  for  the  Windows 
Mobile  5.0  operating  system.  That  means  it 
supports  certificate-based  authentication 
for  Exchange  data  and  push  e-mail  (that  is, 
automatic  forwarding),  and  it  lets  network 
administrators  wipe  data  from  local  or 
remote  devices. 

Coolest  of  all:  a  built-in  interface  to 
Sprint’s  Code  Division  Multiple  Access 
EV-DO  cellular  network,  which  delivers 
typical  downstream  speeds  of  400K  to 
700Kbps.  (Sprint  plans  in  early  2007  to 
launch  EV-DO  Revision  A  services,  which 
could  provide  a  peak  data  rate  of 
3.1Mbps  downstream.) 

Network  World  Cool  Tools  columnist  Keith 
Shaw  has  an  overview  of  the  700wx,  though 
he  hasn’t  yet  taken  it  on  the  road  (see 
www.nwdocfinder.com/5544).  But  earlier 
this  year,  he  reviewed  the  700w,  the  first 
Windows-powered  Palm  handheld,  trying  it 
out  with  an  EV-DO  card.“TheTreo  700w  is  a 
great  gadget;  it  works  well  with  the  EV-DO 
network,  and  would  be  a  great  tool  for  the 
enterprise  mobile  worker/  he  wrote  (see 
www.nwdocfinder.com/5545). 

Windows  Mobile  5.0  and  applications  tie 


into  Outlook,  Exchange  and  other 
Microsoft  applications.  Users  also  benefit 
from  a  fast-growing  and  -maturing  group  of 
business-oriented  applications.  And  Palm’s 
expertise  in  usability  tops  off  the  list  of  this 
device’s  attractive  features. 

Competition  is  fierce:  Motorola’s 
recently  released  Q  device,  the  Nokia  E61 
and  more  recent  BlackBerry  models  all  are 
targeted  specifically  at  the  enterprise. 

With  a  two-year  cell  contract,  Sprint’s 
price  for  the  700wx  is  $299  to  $499. 
Without  the  contract,  the  device  lists  for 
$619  to  $649. 


The  PC  that  fits  on  your  key  ring 


Company:  Route  1 


Type  a  name  or  number 


Voicemail 


George's  birthday 


./  J  |  Start  _  S3  Yl{\  m  10:19 

Verizon  Wireless 


Forecasting  Meeting 

9 : 00AM- 10 : 00  AM 


Outlook  E-mail:  14  Unread 


Product:  MobiKey 
Imagine  a  mobile  thin 
client  that  is  so  thin  there 
isn’t  even  a  client. 


The  Palm  Treo  700wx  adds  BlackBerry-like  auto¬ 
forwarding  e-mail  to  the  first  Windows-based 
Treo,  as  well  as  built-in  EV-DO  wireless. 
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People  like 
it:  Route  1  recently  an¬ 
nounced  that  two  telecom 
service  providers  placed  orders  for 
6,000  of  these  smart  USB  devices. 

The  thumb-sized  MobiKey  drive  plugs 
into  a  USB  port  on  any  available  Windows 
PC  with  an  Internet  connection.  The  soft¬ 
ware  inside  launches  from  onboard  ROM, 
connects  to  Route l’s  MobiNet  hosted  serv¬ 
ice  and  loads  the  logon  screen.  Users 
authenticate,  using  embedded  digital  cer¬ 
tificates,  through  MobiNet,  which  then  sets 
up  an  encrypted  SSL  tunnel  through  the 
corporate  firewall.  Users  have  fully  pro¬ 
tected  access  to  their  desktop  PC  and 
other  authorized  computers  with  the 
local  PC’s  keyboard,  mouse  and  some  pro¬ 
tected  memory  space. 

About  100  people  use  MobiKey  at  Bell 
Business  Solutions,  a  Montreal  subsidiary 
of  Bell  Canada,  which  does  IT  consulting 
for  small  and  midsize  enterprises.  When 


The  MobiKey  plugs  into  any  PC  with  a  USB 
port  and  an  Internet  connection,  providing 
secure  access  to  your  desktop  PC. 

they’re  out  of  the  office  they  use 
BlackBerrys  for  e-mail,  but  when  they  need 
access  to  desktop  and  Citrix-based  applica¬ 
tions,  they  find  a  PC  in  a  hotel  business  cen¬ 
ter  or  Internet  cafe,  plug  in  the  MobiKey 
and  reach  their  corporate  PC,  says  James 
Hickey  a  company  vice  president  and  com¬ 
mitted  MobiKey-er.“I  see  my  entire  desktop, 
as  if  I  had  turned  on  my  computer  at  the 
office,”  he  says. 

MobiKey  costs  $399  per  device;  the  price 
includes  a  one-year  MobiNet  subscription. 

Finding  Wi-Fi 

Company:  ZyXel  Communications 

Product:  AG-225H  802.1  la/b/g  Wi-Fi 
Finder  &  USB  Adapter  (WFUA) 

The  name  is  almost  as  long  as  the  device, 
which  measures  3.8.  by  1.1  by  0.6  inches, 
roughly  the  size  of  two  fingers  side  by  side. 

The  WFUA  has  two  uses:  It’s  a  USB  Wi-Fi 
adapter  that  plugs  into  a  laptop  or  hand¬ 
held  and  supports  802.1  la,  802.1  lb  and 


The  size  of  two  fingers,  this  ZyXel  device  is  a  Wi-Fi  hot-spot  finder,  and  a  USB-based 
802.1  la/b/g  WLAN  adapter. 


802.1  lg  radio  connections  to  a  hot  spot 
or  enterprise  WLAN.  It’s  also  a  stand¬ 
alone  WLAN  detector:  Pull  it  out  of 
your  pocket  and  switch  it  on,  and 
it  picks  up  the  nearest  access 
points  and  displays  data  on  each 
one  via  an  LCD  screen.  You  can 
hunt  for  the  best  connection  with¬ 
out  having  to  unpack,  boot  up  and  lug 
around  your  laptop. 

“We  use  it  for  verifying  wireless  coverage 
and  signal  strength  all  over  campus,  since  it 
also  gives  a  signal  strength  bar  graph  for 
each  access  point  it  detects,”  says  Arthur 
Emerson,  network  administrator  at  Mount 
Saint  Mary  College,  in  Newburgh,  N.Y 
The  high-contrast  LCD  screen  shows 
information  on  each  access  point’s  Service 
Set  Identifier,  encryption  requirements,  fre¬ 
quency  band  and  channel  assignment. 

In  addition,  it  works  with  5GHz  802.11a 
WLAN  access  points  and  has  802.11a  driv¬ 
ers  for  computers  with  Version  10.3  and 
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higher  of  the  Macintosh  OS  X  operating  sys¬ 
tem,  a  rarity  according  to  Emerson.  Mac 
users  can  use  WFUA  to  connect  to  802.1  la 
access  points.  It  takes  security  seriously  sup¬ 
porting  Wi-Fi  Protected  Access  and  WPA2. 

There  are  other  devices  like  this,  such  as 
the  Linksys  WUSBF54G  Wireless-G  USB 
Adapter  with  Wi-Fi  Finder,  which  creates  an 
even  more  awkward  acronym,  LWWG- 
UAWF  That  product  doesn’t  support 
802.1  la,  however. 

Zyxel’s  list  price  is  $99,  but  a  survey  of 
online  sites  shows  most  prices  are  around 
$80,  with  some  as  low  as  $60. 
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Spotlight  on 
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Enterprises  give  wireless  mesh 
a  whirl  —  and  they  like  the  ride. 


BY  JOANNE  CUMMINGS 


Not  too  long  ago,  enterprises  had  limited 

options  when  it  came  to  making  a  wire¬ 
less  network  part  of  the  New  Data 
Center  plan.  In  the  local  area,  the  choice 
was  Wi-Fi  —  802.1  lb,  g  or  a.  In  the  larger  campus  or  met¬ 
ropolitan  area,  people  anticipated  widespread  WiMAX 
deployments  (aka  802. 16d  or  802. 16e)  because  of  the 
promise  of  broadband-level  bandwidth,  improved  flexibil¬ 
ity  and  tight  security. 

Not  so  anymore.  These  days,  metropolitan  wireless  mesh  networks  threaten  to 
leave  WiMAX  at  the  gate. The  reasons  are  numerous:  They  follow  the  traditional 
Wi-Fi  standard, so  any  Wi-Fi-enabled  client  can  work  with  them, users  and  analysts 
say.  Plus,  they  don’t  require  wire  runs  to  every  node,  they  are  designed  to  be  self¬ 
organizing  and  -healing,  and  they  scale  on  the  fly  If  you  need  more  capacity,  add 
another  node,  and  you’ve  got  it. 

In  addition,  mesh  gear  is  available  from  Cisco,  Firetide,  Strix  Systems,  Tropos 
Networks  and  others.  WiMAX  products  are  not  nearly  as  prevalent.  Fixed  WiMAX 
equipment  is  just  coming  to  market,  and  mobile  WiMAX  gear  is  not  expected  to 
arrive  much  before  late  2007. 

‘I  looked  at  WiMAX  in  the  public  safety  arena. ...  It  worked  great 
in  a  stationary  environment,  especially  for  video  cameras,  but 
once  I  tried  it  in  a  mobile  environment,  it  didn’t  work,”  says 
Peter  Collins,  CIO  for  the  city  of  Austin, Texas,  which  recent¬ 
ly  deployed  a  series  of  wireless  meshes  using  Cisco 
Aironet  1500  series  gear. 

That’s  not  to  say  mesh  is  always  the  best  choice. 
For  most  companies  considering  deploying  in¬ 
building  wireless  networks,  the  cost  equation 
indicates  traditional  Wi-Fi  is  still  the  way  to  go 
—  if  the  wire  is  there  and  available  for  the  Wi¬ 
Fi  access  points.  But  when  the  infrastructure 
has  not  been  wired,  and  running  wire  would 
be  prohibitively  difficult  or  expensive,  mesh 
makes  sense.  “Mesh  works  well,  and  we’re 
starting  to  see  it  in  warehouses,  loading 
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Mesh  vs.  WiMAX 


Wireless  mesh  CWi-FiJ 

WiMAX 

Bandwidth 

11M  or  54Mbps 

70M  to  100Mbps 

Coverage 

No  limit 

No  limit 

Availability 

Now 

By  year-end  2007 

docks,  logistics,  transportation,  those  kinds 
of  applications.  We  also  see  it  in  large,  tem¬ 
porary  setups,  like  outdoor  concert  ven¬ 
ues,”  says  Craig  Mathias,  principal  at  the 
Farpoint  Group. 

For  example,  North  American  Midway  En¬ 
tertainment,  a  large  amusement  company 
in  Los  Angeles,  sets  up  Firetide  wireless 
mesh  networks  to  support  transaction  pro¬ 
cessing  for  its  fairs  and  carnivals.  Firetide’s 
HotFbrt  mesh  network  gear  provides  reli¬ 
able,  robust  connectivity  in  a  challenging 
environment,  says  John  Gallant,  North 
American  Midways  CIO. 

“For  us,  it’s  almost  impossible  to  use  a 
conventional  wireless  network  with  point- 
to-point  runs  and  wireless  access  points,” 
he  says.  “The  Firetide  mesh  gives  us  a 
multipoint  setup.  We  can  actually  go 
around  corners.  If  the  connection’s 
strongest  point  is  straight  in  front  of  you, 
but  every  three  minutes  a  huge  mechani¬ 
cal  device  like  a  ride  goes  past  it  for  a 
minute,  that  creates  a  lot  of  delay  and 
latency  With  the  Firetide  gear,  if  one  node 
becomes  obstructed  or  the  network  noise 
level  gets  too  high,  the  node  will  automat¬ 
ically  route  the  signal  to  the  next  best  pos¬ 
sible  route,”  he  adds. 

In  mesh  networks,  users  deploy  multiple 
mesh  nodes  throughout  an  area,  but,  unlike 
in  traditional  Wi-Fi,only  one  node  has  to  be 
connected  to  a  wired  network.  When  a 
mesh  node  receives  a  frame  from  a  Wi-Fi 


client,  it  relays  the  frame  from  node  to 
node,  until  the  frame  reaches  the  wired 
node.  Each  node  has  a  standard  Wi-Fi  inter¬ 
face,  to  communicate  with  clients,  and  a 
radio-based  backbone  link  that  relays  the 
message  across  the  network. 

Because  the  mesh  doesn’t  require  wire 
runs  to  every  node,  Gallant  can  use  it  in  the 
large  spaces  he  needs  to  cover.  For  exam¬ 
ple,  North  American  Midway  recently  ran 
the  Canadian  National  Exhibition  in  Tor¬ 
onto,  where  the  fairgrounds  blanketed 
about  one  square  mile.  Gallant  imple¬ 
mented  a  mesh  comprising  42  nodes  and 
access  points.  It  supported  240  users. 

Mesh  has  its  downsides,  he  says,  but  those 
are  common  to  all  wireless  networks  — 
susceptibility  to  lightning,  interference  from 
other  devices,  power  outages.  Most  prob¬ 
lematic  is  having  to  plug  nodes  into  stan¬ 
dard,  110-volt  household  receptacles.“They 
have  battery  backups  in  case  you  lose 
power,  but  you  do  have  to  plug  them  in. 
That’s  probably  the  biggest  challenge,” 


Gallant  says.  Still,  reliability  outweighs  the 
downsides:  “Mesh  works  great,”  he  says. 

Proprietary  routing  standards 

A  bigger  downside  for  some  users  is  the 
proprietary  nature  of  each  vendor’s  routing 
scheme.  That  means  once  you  decide  to 
buyyou’re  locked  into  that  vendor. Although 
the  IEEE  is  working  on  a  standard  routing 
protocol,  called  802.1  Is,  it  doesn’t  expect  to 
finish  that  work  until  late  2007.  Even  then, 
the  standard  would  provide  for  fairly  vanilla 
multivendor  mesh  implementations. 

This  gives  some  users  pause.  “Wireless 
mesh  is  a  little  bit  out  there,”  says  Elliot 
Zeltzer,  global  manager  for  telecommuni¬ 
cations  security  at  General  Motors  in 
Detroit.  “We  can’t  afford  any  downtime. 
We’re  looking  for  more  established,  stan¬ 
dardized  technology’ 

GM  is  in  the  middle  of  a  traditional  Wi-Fi 
rollout  across  its  campus,  primarily  be¬ 
cause  the  wiring  is  there  and  it’s  a  more 
proven  technology  Zeltzer  says.  If  he  were 


to  look  at  a  more  metropolitan-level  roll¬ 
out,  he  says  he’d  favor  WiMAX. 

“Not  speaking  specifically  to  GM,  1  believe 
WiMAX  has  the  highest  value,”  Zeltzer  says. 
“It  offers  huge  amounts  of  bandwidth  for 
fairly  low  cost  and  in  the  end,  it  could  pro¬ 
vide  total  local-carrier  bypass,”  he  says.  Plus, 
Zeltzer  says,  he  is  leery  of  mesh  security. 

Wireless  mesh  users  counter  such  argu¬ 
ments  by  saying  mesh  offers  enough  cover¬ 
age,  bandwidth  and  security  for  today’s 
applications  “Everything’s  misleading  in  the 
world  of  wireless, and  your  rate  depends  on 
a  lot  of  factors,  like  distance  and  interfer¬ 
ence,”  Austin’s  Collins  says.  “With  WiMAX, 
your  rate  decreases  the  farther  away  you 
are  from  the  transmitter  and  receiver.  It’s  all 
relative.  I  have  a  consistent  throughput  on 
wireless  mesh,  and  that’s  more  important.” 

As  for  security  Farpoint’s  Mathias,  as  well 
as  current  users,  say  it’s  not  an  issue:  “Basic 
wireless  LAN  security  is  really  improved  to 
the  point  where  it’s  very  good,”he  says.  “If 
you  can  secure  a  wired  network,  you  can 
secure  a  wireless  network.” 

In  the  end, the  proof  is  in  the  deployments. 
Several  cities  have  committed  to  wireless 
mesh  rollouts,  and  vendors  seem  to  be  tick¬ 
ing  off  new  users  weekly.  As  Mathias  says: 
“The  demand  ...  is  a  global  phenomenon.” 

Cummings  is  a  freelance  writer  in  North 
Andover,  Mass.  She  can  be  reached  at  jocum 
mings@comcast.  net. 
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On  closer  inspection,  the  idea  behind  wireless  in 
the  carpeted  enterprise  becomes  a  bit  shoddy. 


one  killer  appli¬ 
cation  I  do  see  for 
the  carpeted  enter¬ 
prise  is  voice  over 
Wi-Fi.  This  would  be 
wireless  implement¬ 
ed  as  a  counterpart 
to  the  wired  net¬ 
work,  not  a  replace¬ 
ment  for  it. 


BY  JULIE  BORT 

The  wireless  LAN  unquestionably  has  proven  itself  for  warehouses,  airports  — 
any  place  where  the  floor  covering  is  cement,  tile,  vinyl,  even  dirt.  So  far  WLAN 
has  not  been  a  big  go-to  technology  for  carpeted  offices.  But  this  is  changing 
as  network  executives  discover  the  value  of  WLANs  in  places  such  as  board- 
rooms  and  waiting  rooms  —  areas  that  play  host  to  visitors  and  shifting  arrays  of  devices. 


This  small  step  onto  the  carpet  has  been  followed  by  a  leap  into 
this  marketing-driven  fantasy:  Most  office  workers  already  use  lap¬ 
tops  and  PDAs  with  embedded  WLAN  adapters.  WLANs  are 
becoming  super-speedy  The  next  logical  step  is  making  wireless 
the  only  LAN  connection  inside  the  office  and  out.  Or,  in  the 
words  of  a  Cisco  Aironet  white  paper  on  total  cost  of  ownership, 
“It  is  shortsighted  to  consider  wireless  as  a  small,  pilot  trial  with¬ 
out  considering  the  scalability  and  the  TCO  benefits  across  mul¬ 
tiple  organizations  and  buildings.” 

Certainly  a  few  corporations  have  discovered  the  truth  in  that. 
After  a  fast-food  giant  held  a  small  WLAN  trial  about  five  years 
ago,  it  rolled  out  a  production  network  that  became  wildly  popu¬ 
lar.  Today  wireless  is  the  only  connection  most  employees  want 
to  use,  noted  Gary  Tomanich,  a  senior  network  analyst  for  the  fast- 
food  chain  in  a  recent  Network  World  article  (www.nwdocfind 
er.  com/5725). 

A  frayed  fabric 

For  most  enterprises,  however,  WLAN  technology  is  not  hardy 
enough  to  rival  wired  Ethernet.  For  starters,  802.11  implemen¬ 
tations  are  based  on  shared  Ethernet,  which  requires  carrier- 
sense  multiple  access  with  collision  detection  —  a  step  back 
from  the  collision  isolation  afforded  by  the  wired  worlds 
switched  networks,  users  say.  Plus,  802. 1  lb/g  “accommodates 
the  client  with  the  weakest  signal  and  throughput  connection” 
by  sharing  the  Ethernet  at  the  slowest  rate  of  connection,  says 
Mike  Sinno,  director  of  IT  infrastructure  at  Cooper  University 
Hospital  in  Mount  Laurel,  N.J.  He  oversees  an  802.11a  WLAN 
comprising  210  Cisco  access  points  and  a  traditional  Ethernet 
network  with  a  gigabit  backbone.  Configuring  WLANs  to  allow 
only  higher-speed  connections  could  reduce  the  coverage 
area  of  a  network’s  access  points,  which  means  more  of  them 
will  be  needed. 

If  employees  use  the  LAN  only  for  light  applications,  such  as 
email  or  Web  surfing,  802.1  lb/g  —  and  802.11a  —  could  be  fine. 
If  they  use  latency-sensitive  applications  or  consume  bandwidth 
like  potato  chips,  network  executives  are  going  to  want  to  stick 
with  the  wires.  Bandwidth-hungry  medical  digital  images  are  a 
prime  example;  they’re  one  reason  that  Sinno  says  he  isn’t  yank¬ 
ing  out  the  LAN, even  though  the  hospital  uses  802.1  la. 

Even  if  users  go  easy  on  the  bandwidth,  other  technical  issues 


arise  as  the  popularity  of  wireless  grows,  says  George  West,  senior 
analyst  at  research  firm  West  Technology  Research  Solutions.  He’s 
skeptical  that  WLANs  will  become  the  de  facto  LAN  in  the  car¬ 
peted  enterprise,  at  least  over  the  next  few  generations  of  WLAN 
technology“What’s  not  really  been  addressed  is  the  issue  of  spec¬ 
trum  saturation,”  he  says.  If  every  PC  in  an  enterprise  is  on  a 
WLAN,  as  are  Wi-Fi  phones  and  other  devices,  the  network  will 
need  to  support  voice  and  video.This  will  saturate  the  WLAN  and 
kill  performance,  he  says. 

In  this  imaginary  future,  the  response  would  be  to  bolster  the 
network  with  compression  and  other  “cooperative,  sharing  tech¬ 
nologies,”  West  says.  “If  you  have  to  add  management  services  to 
make  it  work,  that’s  an  inhibitor  to  the  enterprise.”  It  also  kills  that 
TCO  Cisco  wants  you  to  examine. 

Still, believers  in  the  carpeted  enterprise  make  convincing  coun¬ 
terarguments.  Craig  Mathias,  principal  at  the  Farpoint  Group,  says 
those  who  question  shared  LAN  links  should  remember  that  all 
Ethernet  is  a  shared  medium  at  some  point.  As  for  forcing  every¬ 
one  onto  the  slowest-speed  link, he  says, “Don’t  mix  802.1  lb  and  g 
on  the  same  channel.  That’s  just  foolish.”  Plus,  he  notes, “11a  per¬ 
forms  well  enough  for  full-fledged  enterprise  use.”  He  predicts  the 
carpeted  enterprise  will  be  the  norm  within  two  years.Tve  been 
doing  wireless  for  15  years  and  haven’t  seen  any  reason  why  wire¬ 
less  won’t  become  the  default  LAN  for  the  enterprise,”  he  says. 

The  right  fabric  for  Vo-Fi 

I’m  not  so  sure. While  some  of  the  fantasy  likely  will  materialize, 
I  can’t  see  most  enterprises  yanking  out  functional,  high-speed 
LANs,  only  to  struggle  up  a  steep  learning  curve  for  wireless.  The 
one  killer  application  I  do  see  for  the  carpeted  enterprise  is  voice 
over  Wi-Fi  (Vo-Fi).This  would  be  wireless  implemented  as  a  coun¬ 
terpart  to  the  wired  network,  not  a  replacement  for  it. 

By  2010,  Wi-Fi-enabled  phone  shipments  will  hit  22  million 
worldwide,  compared  with  an  estimated  1.8  million  this  year, 
West’s  research  shows.  Untethering  the  office  phone  makes  sense 
in  all  kinds  of  situations.  Cooper  University  Hospital  is  upgrading 
its  WLAN  to  enable  Vo-Fi  for  nurses,  Sinno  says.  And,  sauntering 
into  fantasyland  once  more,  look  at  the  possibilities  with  Wi-Fi- 
equipped  cell  phones  —  transferring  calls  from  the  public  net¬ 
work  to  the  free  WLAN  when  they  enter  WLAN  range.  Now  that’s 
an  application  that  won’t  pull  the  rug  out  from  under  you.  ■ 
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Server  shipment  increases  but  virtualization  continues  ^ 

to  slow  new  server  sales 

By  Deni  Connor 
IDC  releases  Q2  server  market  share  figures 

IDC  announced  its  server  market  share  figures  last  week.  Server  factory 
revenue  grew  almost  1%  to  $12.3  billion  in  the  secondquarter  of  2006.  IDC 
says  server  factory  revenue  represents  those  dollars  recognized  by  multi-user 
system  and  server  vendorsfor  industry  standard  servers  and  upgrade  units  sold 
through  direct  and  indirect  channels. 

Unit  shipment  growth  grew  8.3%  year  over  year,  the  eighth  consecutive 
quarter  of  slowing  overall  shipment  growth.  Althoughthere  was  growth  in  the 
volume  server  segment  -  those  servers  under  $25,000  -  new  server  sales  are 
slowing  due  to  the  useof  server  virtualization  in  customer  organizations. 
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RELAX.  YOU’RE  IN  CONTROL  NOW. 

Manage  remote  offices  from  wherever  you  are. 

Secure  your  Data  Center.  No  software  licensing  fees. 


::  UltraLink™ 
Digital  KVM  IP 


State  of  the  art  security 

Dependable,  Powerful,  Secure,  Guaranteed 

24/7  Mission  Critical  Reliability 
Industry  Best  Video 
USB,  PS/2,  Serial  Support 
Single,  Dual,  Quad  Models 


Digital  KVM  IP 
Switches 

Switch  &  control  l,OOOs 
of  computers  &  network 
devices  over  IP 

Advanced  Security 
High  resolution 
On-screen  menu 
USB,  PS/2,  Sun,  Serial 


Multi-platform 
KVM  switches 

Switch  &  control  l,OOOs  of 
computers  and  network 
devices 

Advanced  Security 
High  resolution 
On-screen  menu 
USB,  PS/2,  Sun,  Serial 


KVM  Extenders 

Extends  keyboard,  video, 
and  mouse  signals  up  to 
33,000  feet 

Fiber,  CATx 
DVI,  VGA,  High  Res. 
PS/2,  USB,  Sun 
Audio,  Serial 
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KVM  Rack  Drawers! 

The  most  efficient  way  to 
organize  your  server  room. 

1U  or  2U 

15",  17",  19"  or  20" 

VGA,  DVI 

PS/2,  USB,  or  Sun 

Touchpad  or  Trackball 


Panel  Mount  LCD 

Mounts  vertically  in  a 
standard  19"  rack. 

15",  17”,  19",  20",  or  23" 

VGA,  DVI,  S-Video 

Optional  Touchscreen 

Optional  Built-in  KVM  Extenders  ■ 
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.INFRASTRUCTURE  LOG 

_DAY  28:  These  slow,  inefficient  boxes  don’t  have  enough 
power  to  run  my  high-end  business  apps.  They  don’t  have 
enough  power  to  do  anything  except  crash. 

.Need  sleep.  Will  try  to  dream  that  I  am  I.T.  King  of  a 
planet  that  only  produces  really  powerful  servers. 

.DAY  30:  I’ve  got  it:  the  IBM  System  x™  with  the  AMD 
Opteron™  Processor.  It  has  more  power  and  more  efficiency 
than  I  ever  imagined  in  a  standards-based  server.  IBM 
Xcelerated  Memory  Technology™  can  let  us  access  data  up 
to  15  percent  faster  than  other  servers  for  maximized 
performance.*  I  can  finally  sleep  in  my  own  bed  again. 

_I  have  taken  back  control.  I  am  Ned,  benevolent  I.T. 
King  of  this...uh,  data  center. 


IBM  COM/TAKEBACKCONTROL/X 


Diskeeper  2007  marks  the  dawn  of  the  first  ever  truly  automatic  software  of  its  kind.  As  automatically  as 
the  sun  rising,  with  Diskeeper  2007  deployed  your  systems  will  run  faster  -  period.  Through  the  use  of 
brand-new  InvisiTasking™  technology,  Diskeeper  eliminates  potential  problems  on  the  fly,  IN  REAL  TIME 
without  affecting  system  resources  or  intruding  on  system  demands. 

Moving  beyond  the  concept  of  “Set  It  and  Forget  It,”®  Diskeeper  2007  represents  a  quantum  leap  in 
system  performance  and  reliability.  Simply  install  the  software  —  Diskeeper  takes  care  of  the  rest. 

New!  Real-time  defragmentation  automatically  and  transparently  handles  fragmentation  as  it 
occurs  providing  maximum  system  performance  at  all  times! 

I-FAAST™  2.0  (Intelligent  File  Access  Acceleration  Sequencing  Technology)  dramatically  increases 
file  access  by  up  to  80%  above  and  beyond  the  improvement  of  defragmentation  alone. 


A  truly  invisible  system 
maintenance  technology. 

InvisiTasking  provides  truly 
transparent  system 
maintenance  by  intelligently 
enhancing  operating  system 
multitasking  to  ensure  continual 
maximum  system  performance 
and  zero  resource  conflict  even 
during  periods  of  highest 
demand.  InvisiTasking  is  the 
foundation  for  Diskeeper  to 
eliminate  fragmentation  in  real¬ 
time  without  affecting  system 
resources  or  intruding  on 
system  demands. 


Diskeeper 


Enhancing  File  System  Performance 

—  Automatically Tr 


2007 


Terabyte  Volume  Engine™  2.0  -  Powerful  defragmentation  for  high  capacity  &  high  traffic 
servers  with  disk  volumes  containing  hundreds  of  thousands  to  millions  of  files  (e.g.  NAS,  RAID, 
and  SAN).  Also  allows  unobtrusive,  thorough  free  space  consolidation  on  busy  24/7  servers. 

FragShield™  dynamically  prevents  fragmentation  of  critical  system  files,  maintaining  system 
stability  and  reliability. 
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Try  New  Diskeeper  2007 
Free  For  45  Days! 

www.diskeeper.com/nw2007 


Automatic  online  directory  consolidation  boosts  anti-virus  scans  and  back-up  speed. 


(Note:  Special  45  day  trial  only  available  at  the  above  link) 


Every  system  will  benefit  from  Diskeeper  2007.  A  site-wide  Diskeeper  installation  will  improve 
performance  and  reliability  on  all  your  systems. 

Experience  the  dawning  of  a  new  era  in  automatic  system  performance 
and  reliability  -  get  Diskeeper  2007  now! 


Volume  licensing  and  Government  and 
Education  discounts  are  available  from  your 
favorite  reseller  or  call: 

800  829-6468  code  4391 
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>go  are  registered  trademarks  or  trademarks  of  Diskeeper  Corporation  in  the  United  States  and/or  other  countries. 
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BUSINESS  JUSTIFICATION 


How  not  to  get  outsourced 

As  more  IT  gets  delegated  to  third  parties,  network  execs  and  staff  must  adapt  to  survive. 


BY  JOANNE  CUMMINGS 


When  Karl  Kaiser  took  over  as  CIO  for 

the  city  of  Minneapolis,  he  found  a  dys¬ 
functional  IT  organization. The  staff 
was  caught  up  in  technology  for  its  own  sake, 
and  very  few  brains  or  dollars  were  focused 
on  the  business  of  running  the  city 


The  city  was  looking  for  busi¬ 
ness  value,  but  we  in  IT  were  per¬ 
ceived  as  the  techies  who  run 
around  with  screwdrivers  and  fix 
machines,”  he  says.  “Over  60%  of 
my  management  energy  and  bud¬ 
get  went  to  just  keeping  the  infra¬ 
structure  alive  —  the  break/fix 
business  of  installing,  maintaining 
and  supporting  computers.  And 
that’s  no  way  to  run  an  IT  shop.” 

Kaiser  decided  to  outsource,  and 
he  did  it  in  a  big  way  He  sold  off 
most  of  his  IT  assets  to  Unisys, 
which  now  runs  Minneapolis’  net¬ 
works,  servers,  desktops  and  help 
desk.  And  as  part  of  the  deal,  the  IT 
staffers  responsible  for  those  areas 
were  shifted  to  Unisys.  Although 
Kaiser  bartered  for  a  nice  arrange 


as  IT  evolves.  According  to  recent 
research  from  Gartner,  by  2010 
most  IT  departments  will  be  30% 
smaller  than  they  were  in  2005, 
caused  in  large  part  by  outsourc¬ 
ing.  IT  is  expected  to  become 
more  business-oriented  by  2010, 
with  six  of  every  10  IT  staffers 
assuming  a  business-facing  role. 

“That’s  the  key”  says  Laurie  Or¬ 
lov,  vice  president  and  research 
director  at  Forrester  Research 
and  author  of  the  recent  report 
“Is  There  a  Career  Future  in 
Enterprise  IT?”  “IT  needs  to  be¬ 
come  much  smarter  about  the 
business  they’re  in,  and  that 
knowledge  will  be  the  thing  that 
saves  them  from  being  out¬ 
sourced,”  she  says. 


Over  60%  of  my  management 
energy  and  budget  went  to 
just  keeping  the  infrastruc¬ 
ture  alive. 


-Karl  Kaiser 

CIO,  City  of  Minneapolis 


ment  (Unisys  was  required  to  offer 
affected  personnel  a  job  at  equal 
or  better  salaries  and  benefits),  the 
staffers,  some  of  whom  had  20- 
year  tenures  with  the  city,  were  no 
longer  a  part  of  the  city’s  IT  depart- 
ment.They  were  outsourced. 

Who  stays 

Experts  say  Minneapolis’  situa¬ 
tion  is  becoming  more  common 


The  future  IT  staffer  won’t  be 
immersed  in  the  back-room 
break/fix  mentalityshe  says.Those 
who  survive  the  push  to  outsourc¬ 
ing  will  be  the  ones  who  under¬ 
stand  technology,  with  all  its 
promise  and  limitations,  but  who 
also  can  readily  see  and  commu¬ 
nicate  how  technology  applies  to 
the  business  to  solve  problems. 

“We  still  need  specialists,  but 


We're  looking  more  at  honing 
a  liberal  arts  mentality  within 
the  IT  group 


they’re  far  fewer  in  number.  We’re 
looking  more  at  honing  a  liberal 
arts  mentality  within  the  IT 
group,”  says  Brian  Young,  CIO  at 
Creighton  University  in  Omaha, 
Neb.,  which  has  outsourced  both 
its  voice  telecommunications 
and  the  networks  supporting  its 
residence  halls. 

Kaiser  says  his  remaining  IT 
staffers  are  all  well-rounded  and 
business  focused.  Four  of  his 
staffers  are  what  he  terms  “service 
delivery  managers,”  who  are 
charged  with  monitoring  and 
maintaining  the  outsourcing  rela¬ 
tionships.  The  rest  are  focused  on 
higher-level  IT  duties,  such  as  ap¬ 
plications,  network  architecture 
and  business-process  redesign. 

“Right  now,  I’m  only  hiring 
business  analysts  and  business 
process  reengineering  people,” 
he  says.  “Because  for  me  it’s  all 
about  the  big  picture.  You  need 
to  figure  out  how  the  business  is 
being  accomplished  today,  and 
then  if  there  is  a  better  way  of 
accomplishing  that  business. 
And  does  that  better  way  lend 
itself  to  automation  or  to  tech¬ 
nology?  Those  are  the  people 
who  are  in  demand.” 

Orlov  agrees.  “Companies  will 
outsource  the  tactical  work  poten¬ 
tially  but  not  the  management  of 
those  vendor  relationships,  not 
the  negotiating  of  contracts  with 
those  vendors,  not  the  application 
of  what  the  vendors  are  doing 
toward  the  business  problems  of 
the  company,  and  most  definitely 
not  the  suggestion  of  innovative 
ways  of  using  technology  in  the 
various  business  groups  in  the 
company  she  says.  “That’s  where 
IT  will  always  have  a  role.” 

Evolving  your  skill  set  to  meet 
the  demands  of  this  business- 
savvy  IT  future  is  not  that  diffi¬ 
cult,  experts  say. 

For  example,  Creighton’s  Young 
says  that  he  uses  a  leadership 
coach  who  trains  his  staff  to  be 
more  business-sawy  “I’m  a  huge 


believer  in  leadership  skills,  so 
everyone  here,  whether  they’re  a 
programmer,  a  Web  designer  or  a 
sys  admin,  has  the  opportunity  to 
go  through  leadership  develop¬ 
ment,”  he  says.  The  results  have 
been  startling.  “Folks  here  have 
just  blossomed  into  wonderful 
leaders  who  have  now  taken  on 
projects  and  project  management 
and  moved  from  an  entry  role 
into  a  midlevel  or  senior  leader¬ 
ship  role.  It’s  been  a  huge  benefit 
to  them  —  and  to  the  university’ 

Unfortunately,  in  tight  budget 
times,  those  programs  are  usually 
the  first  to  get  cut,  he  says.“But  we 
really  need  to  rethink  that,”  he 
says.“That’s  a  short-sighted  view  of 
professional  development.” 

Gross-training  experience 

Others  say  gaining  business 
expertise  doesn’t  need  to  be  an 
added  expense  and  can  be 
gained  through  mentoring  or 
even  business-side  job  rotation. 
For  example,  Scott  Bright,  a 
researcher  at  Forrester  who 
works  with  Orlov,  says  successful 
IT  staffers  of  the  future  will  most 
likely  have  had  zigzag  careers,  in 
which  they  move  seamlessly 
from  the  IT  side  to  the  business 
side  and  back  again. 

“We  see  people  rotating  from 
the  business  side  to  IT’  he  says, 
noting  a  recent  case  in  which 
nurses  who  had  gained  expertise 
in  certain  systems  went  to  the  IT 
side  to  help  implement  and  aug¬ 
ment  those  systems.  “They  had 
gained  expertise  through  hands- 
on  experience  and  were  able  to 
leverage  that  experience  in  IT’  he 
says.  “And  we  also  see  rotation 


-Brian  Young 

CIO,  Creighton  University 

from  IT  to  the  business,  providing 
IT  with  more  depth  and  knowl¬ 
edge  of  how  the  business  works 
through  daily  interaction  and 
work  experience  while  on  the 
business  side.” 

Bright  says  the  forward-thinking 
CIO  will  ensure  staffers  are  trained 
in  the  business  and  that  in  many 
cases  they  will  formalize  these 
mentoring  and  rotation  plans.  “It 
should  become  almost  a  check¬ 
point  over  the  course  of  your  IT 
career,  prior  to  promotions  or 
major  moves  within  IT,  that  you 
move  into  the  business  to  broad¬ 
en  your  skill  base  and  understand 
what  the  business  is  doing.” 

In  the  end,  Kaiser  says  this  view 
of  the  future  is  something  IT 
should  embrace,  not  fear.  “You 
shouldn’t  view  outsourcing  as  a 
threat,”  he  says.  “Instead,  look  at  it 
as  a  challenge.  Get  yourself  in 
shape  to  be  able  to  do  more  busi¬ 
ness-oriented  tasks  like  manage 
an  outsourcing  contract  or  be¬ 
coming  the  company  interface  to 
the  outsourcer.  Those  things  can 
never  be  outsourced.” 

And  they’re  far  more  interesting 
in  terms  of  a  career  than  the  typi¬ 
cal  technology-centric  position. 
“You  get  to  keep  an  eye  on  the 
future  and  emerging  technolo¬ 
gies,  and  you  make  sure  you  are 
abreast  of  what’s  happening  in  the 
industry?’  he  says.  “That  way  you 
become  more  focused  on  what 
you  do  with  technology  rather 
than  technology  itself.” 

Cummings  is  a  freelance  writer 
in  North  Andover,  Mass.  She  can 
be  reached  at  jocummings@com 
cast.net. 
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The  CMS-6R4  Console  Management  Switch  is  the  ultimate  tool  for  economical 
Remote  Network  Management.  Six  serial  ports  to  access  you  equipment’s  console 
ports,  Four  power  outlets  to  perform  remote  reboot  or  On/Off  control  plus  an  internal  modem 
with  dial-back  features  for  secure  out-of-band  access  -  all  in  a  space  saving  1 U  package!  System 
administrators  can  access  remote  devices  from  anywhere  via  telnet,  dial-up,  local  terminal  or  KVM  switch. 


Web  Browser  Access  for  Easy  Setup  and  Operation 
Telnet,  Internal  Modem  and  Serial  Access 
Four  Individually  Switched  Power  Outlets 
Six  DB-9  Serial  Console  Ports 
Port  Specific  Password  Protection 
Dial-Back  Security  on  Modem  Port 
Requires  Only  One  Rack  Unit 
Non-Connect  Port  Buffering 
Data  Rate  Conversion 
120  VAC  Model  -  NEMA  5-15  Outlets 
208/240  VAC  Model  -  IEC320  Outlets 
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CONSOLE  MANAGEMENT  SWITCH 
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Demo  Room,  Irvine,  CA 
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^Change  Network  Parameters 


Yes,  We  are  Customer  Friendly! 


Visit  Website  for  Complete  NetReach™  Product  Line 
(800)  854-7226  •  www.wti.com 
5  Sterling  •  Irvine  •  California  92618-2517 
(949)  586-9950  •  Fax:  (949)  583-9514 


✓  Two  Year  Warranty 

✓  We  Stock  for  Same  Day  Shipment 

✓  30  Day  Return  Policy 

✓  Call  or  Email  for  an  Online  Demo 
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Unlike  a  SPAN  port,  TAPs  guarantee  a  Copper nTAPs 

complete  copy  of  full-duplex  data  at  line  10/100 . 

rate  for  your  monitoring  device.  The  result?  10/100/1000  . . 

Knowing  you  have  the  entire  picture  before 

making  important  network  decisions.  SXorLX  $1495 


Learn  more.  Visit  www.networkTAPs.com.  Optical  nTAPs  fl 

One-Channel  .  m 
Two-Channel  .  |§ 
Three-Channel ... 


TM 


Choose  from  a  variety  of  configurations,  options,  and  pricing. 
Free  overnight  delivery* 


www.networkTAPs.com  •  1  -866-GET-nTAP 


RS  C€  ® 


•Free  overnight  delivery  on  all  U.S.  orders  over  $295  confirmed  before  12  p.m.  Central  Time. 
"TAP  and  all  associated  logos  are  trademarks  or  registered  trademarks  of  Network  Instruments,  LLC. 
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An  ISO-9001:  2000  Company 


877-ADD -RAM9 

(877-233-7269) 


Buy  Top  Quality 
Original  or 
100%  Compatible 
Memory  for  Your 
Desktop,  Laptop  or 
Server. 


100%  COMPATIBLE  MEMORY 


FACTORY  ORIGINAL  MEMORY 
BRAND  NAME  ORIGINAL  MEMORY 


invent 

digital 

$ON  Y 
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Order  online  and 
enter  discount  code 
"NETWW5" 
for  5%  off  of 
your  memory  ordor. 
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Start  with  the  right  rack, 
and  you  can't  go  wrong. 

Get  the  seamlessly  integrated,  fully  compatible  NetShelter®  rack  system  from  APC. 


APC,  the  name  you  trust  for  power  protection,  also 
offers  a  comprehensive  line  of  non-proprietary  racks, 
rack  accessories  and  management  tools  that  ensure 
the  highest  availability  in  a  multi-vendor  environment. 
With  APC's  racks,  accessories,  and  management  tools, 
you  can  design  a  comprehensive  rack  solution  that 
meets  your  availability  needs  for  today  and  that  easily 
scales  up  for  tomorrow. 


Contact  APC  today  and  protect  your  rack  application 
with  Legendary  Reliability. 


P  =  Power  Cooling  Racks 


I  NetShelter  is  completely 
compatible  with  APC's 
award-winning  InfraStruXure® 
architecture,  allowing  you  to 
add  rack,  power  and  cooling 
on  a  scalable  as-needed  basis. 


Need  assistance?  Our  expert  Configure-to-Order 
Team  can  custom  tailor  a  complete  rack-mount 
solution  that  suits  your  specific  requirements. 


The  NetShelter®  SX  is 
vendor  neutral  and  carries 
the  "Fits  like  a  Glove" 
compatibility  guarantee. 


HP/COMPAQ  •  SUN  < 


DELL  -  CISCO  •  LU( 


NetShelter*  SX  starts  at  $1150 
Rack  enclosures  with  advanced  cooling,  power  distribution,  and 
cable  management  for  server  and  networking  applications  in 
IT  environments. 

•Integrated  rear  cable  management  channels  allows  easy 
routing,  management  and  access  to  large  numbers  of  data  cables. 
•3000  lbs.  weight  capacity 

•  Vendor  neutral  mounting  for  guaranteed  compatibility 

•  Toolless  mounting  increases  speed  of  deployment 

Rack  PDU  starts  at  $89.99 

Power  distribution  that  remotely  controls  power  to  individual 

outlets  and  monitors  the  aggregate  power  consumption. 

•Switched,  Metered,  and  Basic  models  available 
•Includes  horizontal-,  vertical-,  and  toolless-mount  varieties. 

•Puts  power  in  the  racks  near  the  equipment  where  it  is  needed  most. 

•  Wide  range  of  input  and  output  connections  from  Single-phase 
to  3-phase. 

Cable  Management  starts  at  $29.99 
Comprehensive  selection  of  accessories  designed  to  organize 
power  or  data  cables  within  a  rack  environment. 

•Eliminates  clutter  and  cable  stress. 

•OU  of  rack  space  with  the  vertical  cable  organizer. 

•Quick-release  tabs,  toolless  mounting. 

Rack-mount  Keyboard  Monitor  starts  at  $1550 
1U  rack-mountable  integrated  keyboard,  monitor  and  mouse. 

•  15"  or  17"  ultra-thin,  LCD  monitor  with  integrated  keyboard. 

•Ease  of  installation  minimizes  support  and  maintenance  costs 
ensuring  lower  cost  of  ownership. 

•Can  be  used  in  a  variety  of  IT  environments  from  computer  rooms 
to  large  data  centers. 

Blanking  Panels  starts  at  $39.99 

Designed  to  improve  cooling  efficiency  by  preventing  air  recirculation 

within  an  enclosure. 

•Occupies  1U  of  rack  space. 

•  Vertical  mounting  rails  with  square  holes. 

•  Toolless  mounting. 

NetBotz*  Security  and  Environmental  starts  at  $889 
Protecting  IT  assets  from  physical  threats. 

•  Visual  monitoring  of  all  activities  in  the  data  center  or  wiring  closet 

•  Third-party  monitoring  via  dry-contacts,  SNMP,  I  PM  I,  0-5V  and  4-20mA 
•User-configurable  alarm  and  escalation  policies 

•  Temperature,  humidity,  and  leak  detection 


©2006  American  Power  Conversion  Corporation.  All  rights  reserved. 

NetBotz  and  NetShelter  are  registered  trademarks  of  American  Power  Conversion  Corporation.  132  Fairgrounds  Road.  West  Kingston,  Rl  02892  USA  AX4A6BFNAM 
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She’s  watching  PHYSICAL  SECURITY  with  video,  motion, 
and  door  switches. 


Video 


She’s  tracking  ENVIRONMENTAL  THREATS  like 
temperatures,  power  failures,  water  on  the  floor,  smoke,  fire, 
and  more. 


She’s  checking  NETWORK  CONNECTIVITY 
and  SERVER  RESPONSE. 


The  IMS-4000  is  a  scaleable,  stand  alone, 
Infrastructure  Monitoring  System  with  data 
trending,  instant  notification,  integrated 
battery  backup,  and  redundant  communi¬ 
cation  paths  for  maximum  reliability. 


Motion 


Temperature 


Humidity 


Water 

•w 

Smoke 


Monitor  everything  that  threatens  your  data  center, 
and  Know  Everything. 

To  learn  more  visit  Or  call  toll  free 

www.ims-4000.com  877-373-2700 


Let  the  Model  135 
Monitor  Your  Site 


The  Model  135  Site  Monitor  is  designed  to  serve  as  your 
"resource  kit”  for  monitoring  and  maintaining  computer, 
communications,  and  specialized  equipment  locations. 

With  a  wide  range  of  built-in  capabilities,  it’s  easy  to  tailor 
a  powerful  site-specific  solution. 

Highlights  include  10/100  Ethernet  and  analog  modem 
connectivity,  serial  port  access  and  text  data  "matching,” 
AC  and  DC  voltage  monitoring,  ping  testing,  and  contact 
closure  inputs  and  outputs.  And  the  web-based  interface 
makes  setup  and  use  a  straight-forward  process. 

For  complete  details  on  the  Model  135,  give  us  a  call  or 
visit  www.gkinc.com/cp/ 
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Gordon  Kapes,  Inc. 

Skokie,  IL  USA  |  Ph  847-676-1750  |  www.gkinc.com/cp/ 


The  Truth  about  Secure-Out-Of-Band 
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Terminal  server  vendors,  who  proclaim  that 
they  have  Secure  Out  Of  Band  products,  rely 
on  RADIUS,  TACACS+  and  other  in  band 
protocols  to  provide  security.  By  inference, 
they  imply  they  secure  out  of  band  access 
when,  in  fact,  they  otter  only  network  security, 
which  conflicts  with  out  of  band  access. 

A  true  Secure  Out  of  Band  Management 
solution  should  provide  strong  security  without 
reliance  upon  network-based  protocols. 


CDI  offers: 

p-»  Hardware  encryption  over  dial-up 
and  network  connections 
RSA  certified  SecurlD  authentication 
without  a  network. 
r1-*  Patented  central  management  of  all 
remote  devices 


Full  NIST,  FIPS  140-2  certifications  «-n 

Remote  Power  control  •-'i 

Homologous  world-wide  approved  •-'i 
internal  modems 


CDI  has  been  building  encryption  equipment  for  over  fifteen  years.  Our  customers  and  partners  include 
major  financial  institutions,  government  agencies,  major  telcos,  utilities,  and  the  United  States  military. 


Communication  Devices  Inc. 
www.outofbandmanagement.com 


Instantly  Search  Terabytes  of  Text 


Engine  tor 
Mr  Linux 
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Contact  dtSearch  for 
fully-functional  evaluations 


The  Smart  Choice  for 
Text  Retrieval®  since  1991 


♦  over  two  dozen  indexed,  unindexed, 
fielded  data  and  full-text  search  options 

♦  highlights  hits  in  HTML,  XML  and  PDF, 
while  displaying  links,  formatting  and 


mages 


♦  converts  other  file  types  (database, 
word  processor,  spreadsheet,  email 
and  attachments,  ZIP,  Unicode,  etc.)  to 
HTML  for  display  with  highlighted  hits 

♦  Spider  supports  static  and  dynamic 
Web  content,  with  WYSWYG 
hit-highlighting 

♦  API  supports  .NET/. NET  2.0,  C++,  Java. 
SQL  databases.  New  .NET/.NET  2.0 
Spider  API 


dtSearch®  Reviews 

♦  "Bottom  line:  dtSearch  manages  a 
terabyte  of  text  in  a  single  index  and 
returns  results  in  less  than  a  second" 

-  Info  World 

♦  "For  combing  through  large  amounts 
of  data,  dtSearch  "leads  the  market" 

-  Network  Computing 

♦  "Blindingly  fast"-  Computer  Forensics: 
Incident  Response  Essentials 

♦  "Covers  all  data  sources  ...  powerful 
Web-based  engines"  -  eWEEK 

♦  "Searches  at  blazing  speeds" 

-  Computer  Reseller  News  Test  Center 

♦  "The  most  powerful  document  search 
tool  on  the  market"-  Wired  Magazine 

For  hundreds  more  reviews  —  and 
developer  case  studies  —  see 
www.dtsearch.com 


1-800-IT-FINDS  •  www.dtsearch.com 


Problems  overwhelming  your  current  sniffe 


Advance  to  the  next  level  with  Observer  1 1 .  Now  with  enterprise-strength  VoIP  analysis.  Includes  enhanced  VoIP  troubleshooting, 
integrated  NetFlow  and  sFlow®  support,  MultiHop  Analysis,  and  64-bit  Windows  scalability.  It's  time  to  reset  your  analyzer. 


NETWORK 

INSTRUMENTS 


Wired  to  wireless.  LAN  to  WAN.  One  network  -  complete  control. 

US  &  Canada  UK  &  Europe 

toll  free  800.526.5958  +44  (0)  1959  569880 

www.networkinstruments.com/analyze 


enhanced  VoIP  support 
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info@recurrent.com 

3431  De  La  Cruz  Blvd,  Santa  Clara.  CA  95054  .M»..i.gi..,i.<- 


D-Series  -  Cost  Effective  Server  Racks 

Designed  to  provide  housing  for  servers,  hubs,  routers  and  network  equipment, 
along  with  structured  cabling  components,  these  enclosures  provide  a  highly 
attractive  profile  in  a  robustly  constructed  cabinet  77 0-496-4000 


www.optimaeps.com 


Optima  EPS 

Cabinet*  4  Enclosure* 
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Reading  someone  else's 
issue  of  Network  World? 


HETWQRKWORLP 
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rr?— •VT £r‘  services  onto  MPLS  net 


Subscribe 
today  and 
receive  your 
own  1-year 
subscription 
for  FREE  - 

a  $129.00 
value! 


Go  to  http://apply.nww.com/free 
for  your  free  subscription. 


The  RacSense®  feature  set  has  evolved  to  include 
outlet  level  power  monitoring  and  remote  control. 


►  Turn  off  unused  outlets  to  prevent  an  accidental  overload 

►  Monitor  power  consumption  on  an  individual  outlet  basis 

►  Reboot  locked-up  equipment  from  your  PDA 

►  Eliminate  emergency  service  calls  and  minimize  downtime 

www.racsense.com 
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RFID  can  help  locate  that 
misplaced  server,  HP  says 


SonicWall  boosts 
remote-office  device 
with  wireless  support 

BY  TIM  GREENE 

SonicWall  plans  to  introduce  a  remote-office  appliance  that  elimi¬ 
nates  the  need  for  wired  connections  to  the  sites  where  it  is  deployed. 

The  TZ  190  supports  broadband  wireless  services  from  Cingular, 
Sprint  and  Verizon  (www.nwdocfinder.com/5747),  making  it  possible 
to  use  the  device  in  areas  where  wired  broadband  connections  are 
unavailable. 

In  addition,  the  broadband  capability  could  be  used  to  back  up  a 
landline  if  the  wired  service  fails. 

The  company  says  the  TZ  190  could  be  used  in  retail  stores  that 
want  to  roll  out  broadband  remote  access  to  headquarters.  Many 
chain  stores  have  locations  that  cannot  get  wired  broadband  ser¬ 
vices,  so  the  wireless  option  could  fill  in.  And  airports  might  lack 
wiring  to  connect  retail  kiosks  to  broadband  connections  for  credit 
card  checks,  but  a  broadband  wireless  service  might  be  available. 

The  TZ  190  has  a  PCMCIA  slot  and  software  drivers  to  support 
broadband  wireless  cards  that  are  compatible  with  services  offered 
by  such  U.S.  broadband  wireless  providers  as  Cingular,  Sprint  and 
Verizon.  The  device  also  supports  wired  WAN  connections  that  fail 
over  to  the  wireless  link.  SonicWall  has  worked  with  makers  of  the 
cards  that  are  compatible  with  the  providers’  services,  and  says  the  TZ 
190  supports  those  cards. 

With  a  firewall,  VPN  support,  virus  screening  and  intrusion  preven¬ 
tion  included  in  the  appliance,  it  competes  against  branch-office 
security  gateway  gear  from  Cisco,  Juniper  and  WatchGuard,  although 
they  lack  broadband  wireless  support. 

In  addition  to  the  broadband  support,  the  TZ  190  contains  an  eight- 
port  10/100  Ethernet  switch  that  can  segment  traffic  into  virtual  LANs 
that  enforce  different  security  zones.  So  certain  workstations  attached 
to  the  switch  could  be  restricted  to  use  of  the  Internet  and  the  office 
printer  but  not  certain  application  servers. 

The  device  is  based  on  an  upgraded  hardware  platform  compared 
with  previous  TZ  devices.The  processor  is  a  200MHz  Cavium  Nitrox, 
and  the  box  has  128MB  of  RAM  and  16MB  of  flash  memory. This  com¬ 
pares  with  64MB  of  RAM  and  8MB  of  flash  in  the  TZ  170  (www.nw 
docfinder.com/5748). 

The  switch  is  manageable  via  command-line  interface  through  a 
console  port,  and  also  has  a  Web  interface. TZ  190  costs  $1,000.  ■ 
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BY  ANN  BEDNARZ 

Ever  find  yourself  scouring  rows 
of  data  center  racks  for  a  particu¬ 
lar  device  that  was  retired  from  its 
initial  function  but  might  be  suit¬ 
able  for  a  new  project?  There’s  an 
easier  way  to  zero  in  on  the  loca¬ 
tion  of  IT  gear,  HP  says. 

Last  week  the  vendor  shared 
details  about  a  system  it  tested 
with  grocery  chain  Meijer  that 
uses  radio  frequency  identifica¬ 
tion  (RFID)  technology  to  moni¬ 
tor  and  track  data  center  assets. 

HP’s  system  uses  RFID  readers 
and  tags  to  keep  tabs  on  individ¬ 
ual  servers  and  network  equip¬ 
ment,  as  well  as  server  and  stor¬ 
age  enclosures.  It  monitors  when 
devices  are  added  or  removed 
from  racks,  and  it  can  provide 
historical  data  related  to  the 
location  of  gear. 

“We  tag  each  asset  in  the  data 
center  with  RFID,  and  we  equip 
each  rack  with  our  custom  RFID 
reader^  says  Cyril  Brignone,  R&D 
project  manager  at  HP  Labs.“The 
reader  monitors  the  rack  and  all 
of  the  assets  on  a  specific  rack 
and  reports  their  location  with 
1U  accuracy’ 

Even  if  a  router  or  server  isn’t 
being  used,  it  can  be  detected  if 
it’s  tagged.“If  it  is  set  in  a  rack,  the 
system  will  track  it  —  indepen¬ 
dent  of  the  status  of  the  asset.The 
asset  can  be  on  or  off,  connected 
to  the  network  or  not  connected 
to  the  network,”  Brignone  says. 

HP  Labs  developed  the  tech¬ 
nology  to  help  data  center  man¬ 
agers  improve  the  accuracy  of 
their  inventory  efforts,  increase 
security  and  reduce  data  center 
auditing  costs. 

Many  data  center  managers  use 
manual  inventory  methods  to 
keep  track  of  gear,  which  can  be 
time  consuming  and  error  prone, 
even  when  done  with  barcodes. 
In  addition, many  companies  con¬ 
duct  a  physical  inventory  only 
two  or  three  times  a  year,  and  the 
results  become  outdated  quickly, 
Brignone  says. 

With  HP’s  RFID  tags  and  readers, 
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racks  become  self-managing,  he 
says.  The  readers  recognize  when 
devices  are  moved  or  added  and 
forward  information  about  the 
change  of  status  to  back-end  sys¬ 
tems,  such  as  an  IT  asset  manage¬ 
ment  application. 

The  RFID  data  adds  an  extra 
level  of  detail  to  typical  asset 
management  applications,  which 
focus  on  telling  data  center  man¬ 
agers  where  specific  IT  gear  is 
deployed  in  a  network  and  how 
it  is  linked  to  other  devices.  With 
asset  management  software,  the 
emphasis  is  usually  on  virtual 
dependencies,  not  physical  loca¬ 
tions,  Brignone  says.  “You  don’t 
really  know  where  physically  the 
assets  are,”  he  says.  “There’s  kind 
of  a  mismatch  between  the 
amount  of  data  you  have  on  the 
virtual  side  and  the  amount  of 
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data  you  have  on  the  physical 
side  of  things.” 

With  HP’s  RFID  system,  compa¬ 
nies  will  be  able  to  fill  in  those 
blanks,  Brignone  says. 

HP  hasn’t  yet  put  a  price  on  its 
RFID  system  for  data  center 
asset  tracking.  It  created  proto¬ 
types,  but  they  aren’t  commer¬ 
cially  available.  HP  Labs  just 
completed  its  first  external  test 
of  the  technology  at  Grand 
Rapids,  Mich.-based  Meijer, 
which  operates  170  grocery  and 
specialty  stores. 

HP  isn’t  alone  pursuing  RFID 
asset-tracking  opportunities.  Sun 
offers  similar  RFID  tools  for 
tracking  IT  gear.  In  addition,  a 
number  of  vendors,  such  as 
PanGo  Networks,  target  a 
broader  market  for  wireless- 
enabled  asset  tracking.  ■ 


useful  in  case  the  network  went  down. “There  is  an  option  to  connect 
the  appliance  to  a  phone  line, so  if  the  network  goes  down,  we  can  still 
get  alerting,  and  the  box  won’t  fail,”  he  says. 

Lair’s  license  with  Jumpnode,  which  costs  him  a  bit  less  than  $10,000 
for  three  years,  includes  an  appliance  and  software  hosted  by  the  ven¬ 
dor  that  performs  about  500  checks  across  his  network  of  managed 
devices  and  about  30  servers.“We  got  more  of  a  product  for  less  money 
than  our  two-year  maintenance  agreement  on  the  software,”  he  says. 

He  installed  the  appliance  behind  the  firewall  in  his  network  so  it  can 
easily  access  the  devices,  and  the  Jumpnode  appliance  communicates 


Jumpnode  provides  its  network  monitoring  in  an  appliance,  which  trans¬ 
mits  management  information  to  Jumpnode  data  centers  for  analysis 
and  reporting. 

back  to  the  Jumpnode  data  center  with  management  data.  Jumpnode 
also  offers  agent  software  that  can  be  installed  on  servers  or  other 
devices  that  aren’t  as  easily  polled  via  standard  methods,  such  as  SNMP 
Logging  on  with  a  user  ID  and  password,  Lair  accesses  a  GUI  to  view 
data  and  statistics,  such  as  bandwidth  use  across  WAN  circuits  for  the 
past  six  months,  he  says. 

“We  like  the  fact  that  it  is  practically  maintenance  free,  but  we  would 
like  to  see  it  collect  more  data  from  our  switches  and  routers  and  some 
other  devices, such  as  our  caching  server  that  don’t  use  SNMP’  Lair  says. 

Jumpnode’s  monitoring  appliances  come  in  bundles  that  range  in 
price  from  about  $  1 ,000  for  one  year  to  about  $6,000  for  three  years.The 
subscription  requires  a  12-month  minimum  agreement.® 
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issues.  At  my  current  job,  the 
team  is  local  and  within  earshot 
and  the  need  is  limited." 

There  are  those  who  not  only 
hold  IM  at  bay,  but  in  contempt. 

"IM  is  just  a  phone  call  that 
gives  your  fingers  cramps," 
says  Doug  Murray.  "When  I 
can  coordinate  a  schedule  with 
someone,  I’d  rather  talk.  If  I'm 
in  class,  church  or  a  meeting, 

I'm  there  for  a  reason  and 
would  rather  pay  attention  to 
that,  so  e-mail  me.That  would 
still  be  true  even  if  we  didn't 
block  IM  at  work.” 

"Ah,  instant  messaging,”  adds 
Bill  Dotson.  “The  new-age 
water  cooler,  where  your  bud¬ 
dies  can  find  out  what  you  did 
this  weekend  without  ever  hav¬ 
ing  to  actually  talk  to  you. 
Personally,  I  don’t  need  any  more 
interruptions.  If  the  message  is 
that  important,  call  me  or  stop 
by  my  desk.  Professionally,  even 
though  we  have  had  a  few 
requests  for  instant  messaging 
and  despite  the  media  hype,  I 
have  resisted  IM  as  a  legitimate 
corporate  technology.  I  have  yet 
to  see  a  valid  explanation  of  how 
this  technology  would  benefit 

our  business _ There  are  lots 

of  intrusive  technologies,  and  IM 
has  to  be  one  of  the  most  intru¬ 
sive.  But  riddle  me  this:  If  I  can 
reach  you  anywhere,  anytime  on 
your  cell  phone,  or  I  can  send 
you  an  e-mail  that  you  can  reply 
to  at  your  leisure,  why  do  I  need 
instant  messaging?  Sometimes, 
just  maybe,  you  might  want  to  be 
unavailable.” 

We're  going  to  run  out  of 
supporters  fairly  quickly,  but 
here's  another. 

“I  wouldn't  call  it  indispens¬ 
able;  after  all  e-mail,  e-mail 
delivered  to  mobile  phones/ 
PDAs,  SMS  text  messaging  and 
telephone  calls  all  can  accom¬ 
plish  similar  functions,"  says 
Fuat  Baran.  “However,  in  a  dis¬ 
tributed  work  environment  with 
co-workers  scattered  around 
the  globe,  I  find  instant  messag¬ 
ing  to  be  a  very  useful  tool.  It 
allows  you  to  quickly  ping  some¬ 
one  and  see  if  they  are  available; 
it  allows  you  to  quickly  send 
information,  such  as  a  URL  dur¬ 
ing  a  voice  conversation;  it 
allows  for  some  back-channel 
communication  during  telecon¬ 
ferences  (yes,  this  is  a  two- 
edged  sword,  as  it  can  also  be  a 
distraction);  and  it  accommo¬ 


dates  idle  chitchat  with  remote 
friends.” 

Next  up  we  have  a  former 
two-pack-a-day  man  who's  cut 
down  to  the  occasional  smoke 
at  happy  hour.  “In  the  past  I 
used  IM  every  day,  but  it  seems 
I  have  not  used  it  very  much  at 
all  in  the  past  year,”  says  Chris 
Sloop.  “Maybe  once  or  twice  a 
month  nowadays.  I  could  very 
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easily  do  without  it." 

Here's  another  ex-user  who's 
kicked  the  habit  —  even  though 
IM  dramatically  changed  his  life. 

“IM  is  a  nuisance  I  don't  need, 
but  ironically,  it  is  how  I  courted 
my  wife,”  says  Derek  Rain¬ 
water.  “At  about  the  time  of 
AOL’s  popularity  peak  (’96-’98), 
as  an  entertaining  distraction 
while  working  for  a  small  soft¬ 


ware  development  firm,  I  devel¬ 
oped  an  entirely  online  rela¬ 
tionship  with  the  young  lady 
who  eventually  became  my 
wife.  After  two  years,  we  finally 
met  in  person,  and  our  use  of 
IM  to  communicate  was  com¬ 
pletely  eradicated,  for  obvious 
reasons.  Now,  because  we’re 
married  (five  years)  with  child 
(2  years),  I  have  neither  the 


time  nor  need  for  this  particu¬ 
lar  distraction." 

Aw,  a  happy  ending. 

There’s  plenty  more  from  other 
Brigade  members  in  my  blog, 
www.nwdocfinder.com/5780. 

And  if  you’ve  got  something  to 
add,  you  ’ll  have  to  send  e-mail, 
needless  to  say.  It’s  buzz@nww. 
com. 
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Mark  Gibbs 


The  Year  of  Sleaze? 


fhat  is  the  matter 
'  with  our  industry?  It 
seems  every  day  the 
sleaze  quotient  increases! 

Last  week  1  blogged  some 

comments  that  amused  me  from  Shelby  Bonnie,  the  ex¬ 
chief  executive  of  CNet  Networks,  and  George  Samenuk, 
the  ex-CEO  of  McAfee,  concerning  their  “regrets”  about  the 
stock  option  backdating  scandals  they  were  responsible 
for  (see  www.nwdocfinder.com/5750). 

In  both  cases  the  ex-CEOs  acted  as  if  the  improprieties 
were  accidents  like  the  printer  running  out  of  ink  rather 
than  owning  up  to  what  must  be  the  truth:  that  they  knew 
what  was  going  on,  because  if  they  didn’t  know  then  they 
would  have  to  be  considered  totally  incompetent  as  CEOs. 

Stock  option  backdating  has  been  an  issue  for  a  long 
time.  Last  spring  saw  the  delisting  of  Mercury  Interactive 
following  the  resignation  of  the  CEO  and  two  top  execu¬ 
tives,  and  in  August  the  CEO  and  two  executives  of 
Comverse  Technology  were  canned  and  had  civil  charges 
filed  against  them  by  the  Securities  and  Exchange 
Commission  for  exactly  this  kind  of  sleazy  conniving. 

Similar  scandals  have  involved  Brocade  Communica¬ 
tions  and  Symbol  Technologies,  and  now  are  starting  to 
surround  Apple,  Novell  and  Dell.  If  you  don’t  understand 
why  stock  option  backdating  is  illegal  and  sleazy  you 


should  read  “Backdating  of  Executive  Stock  Option  (ESO) 
Grants”  by  Erik  Lie  of  the  University  of  Iowa  (www.nwdoc 
finder.com/5751). 

That’s  all  big  sleaze. What  about  the  little  stuff? 

One  sleazy  thing  is  a  letter  from  the  so-called  Domain 
Registry  of  America.  If  you  haven’t  received  one  when  one 
of  your  domains  is  about  to  expire, you’re  lucky. 

Domain  Registry  of  America  combs  through  the 
administrative  contacts  list  in  every  Whois  record  it 
can  get  its  hands  on  (very  sleazy)  and  sends  out  let¬ 
ters  that  begin, “As  a  courtesy  [more  sleaze]  to  domain 
name  holders,  we  are  sending  you  this  notification  of 
the  domain  registrations  that  are  due  to  expire  in  the 
next  few  months.” 

Domain  Registry  of  America  does  make  it  clear  that 
you  will  be  transferring  your  registration  to  it  if  you  use 
the  company  to  renew  your  domains,  but  many  people 
could  fail  to  understand  they  don’t  have  to  use  this 
company.  Moreover,  the  prices  it  quotes  are  outrageous: 
$30  for  a  one-year  renewal  and  $95  for  five  years.  My 
registrar,  EasyCGI,  charges  only  $10  for  one  year  and 
$50  for  five  years! 

How  about  your  cell  phone  bill?  I’ve  had  several  people 
tell  me  they’ve  called  their  cell  phone  company  after  find¬ 
ing  incorrect  charges,  and  the  customer  service  represen¬ 
tative  has  reversed  the  items  without  any  complaint. 
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A  suspicious  person  might  think  the  phone  companies 
do  this  intentionally  and  my  experience  with  Cingular 
makes  me  wonder.  I  changed  my  son’s  plan  to  give  him  an 
extra  1,000  text  messages  per  month,  which  two  months 
later  I  have  discovered  hasn’t  been  applied  to  my  bill.The 
error  cost  me  about  $62  extra  per  month.  Now  I  have  to 
waste  time  with  customer  disservice  to  get  this  fixed. 

And  while  I’m  griping  about  Cingular,  after  it  acquired 
AT&T  Wireless  it  did  everything  it  could  to  get  the  old 
AT&T  customers  to  move  to  Cingular.  For  example,  if  you 
wanted  a  new  phone  but  your  contract  hadn’t  expired, 
you  couldn’t  get  one  without  transferring  to  a  Cingular 
plan  that  usually  cost  more  and  or  extended  your  con¬ 
tract  period. 

Other  IT  industry  sleaze:  Spammers  come  to  mind.  A  lot. 
And  as  I  wrote  about  the  other  day  companies  that  sub¬ 
scribe  you  without  your  permission  to  their  newsletters. 
The  increasing  focus  on  digital  rights  management,  the 
most  useless,  anti-consumer  technology  ever. The  govern¬ 
ment’s  continuing  willful  ignorance  of  computers  and  net- 
working.The  list  is  a  long  one. 

I’m  sure  you  have  your  own  examples  of  industry  sleaze 
that  I  hope  you  tell  me  about,  but  my  biggest  question  is 
this:  Will  2006  be  remembered  as  the  Year  of  Sleaze? 

Let  it  out  to  backspin@gibbs.com  or  on  Gibbs  blog. 
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News,  insights  and  oddities 


IT  pros  on  IM:  Indispensable  or  nuisance? 


Paul  McNamara 


This  exercise  started  with  the  assumption  that  I’m  a 
dinosaur  in  my  steadfast  refusal  to  use  instant  messag¬ 
ing.  E-mail,  the  phone,  shouting  and  getting  off  my  butt 
work  fine  99.9%  of  the  time  and  I’m  not  taking  on  another  distraction  to  grab  that  other 
sliver.  So  my  e-mail  question  to  the  Network  World  staff  was:  “Am  I  the  last  holdout . . 
or  are  there  others  here  who  still  do  not  IM?" 

Turns  out  dinosaurs  are  far  from  extinct.  Most  of  my  colleagues  do  not  use  IM  or 
use  it  rarely,  with  a  few  reporting  that  they  did  IM  but  do  no  longer  —  recovering 
IMers,  if  you  will. There  are  hardcore  users,  but  nowhere  near  what  I  had  suspected. 
Journalists  are  an  odd  lot,  however,  so  I  turned  to  a  more  reliable  gauge,  the  mem¬ 
bers  of  my  e-mail  list  called  the  Buzzblog  Brigade.  Is  IM  indispensable  or  just  a  nui¬ 
sance  to  these  tech  professionals? 

Last  time  we  posed  one  of  these  preposterously  loaded  questions  —  “Hypothetical 
Death  Match:  E-mail  vs.  the  Web"  (www.nwdocfinder.com/5779)  —  it  produced  a  lop¬ 
sided  response,  as  e-mail  kicked  the  Web’s  sorry  butt  all  over  cyberspace.This  time 
around  it’s  e-mail’s  first  cousin  that’s  in  for  the  paddling. 

Out  of  courtesy,  though,  we’ll  begin  with  an  IMer,  albeit  one  with  a  familiar  beef. 

"IM  is  somewhat  indispensable  to  me,"  says  Jason  Thomas.  "It 
can  be  annoying  at  times,  but  it  is  always  cool  to  get  a  quick 
hit/feedback/comment  from  a  colleague.  Additionally,  it  is  a  good 
way  to  stay  in  touch  with  folks  you  don’t  see  that  often.  Granted,  it 
will  never  replace  a  phone  call  or  personal  visit.There  are  things 
that  can  only  be  conducted  by  phone  or  in  person,  and  for  that  IM 
is  just  no  substitute.” 

"My  major  complaint  with  all  of  the  various  IM  services  is  their  inter¬ 
connectedness  —  or  incredible  lack  thereof.  I  have  accounts  on  all  the 
major  IM  platforms  —  MSN,  AIM,  Yahoo,  ICQ  and  Gtalk.  Now,  I  use 
Gaim  to  use  all  clients  from  one  application.  I  also  have  a  separate 
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Skype  application.  Of  course,  Skype  is  the  outlier,  but  you  would  think  the  other  ser¬ 
vices  would  be  interoperable  —  especially  given  that  this  technology  is  now  quite 
mature.  I  also  realize  using  an  open  source  app  like  Gaim  probably  limits  some  of  my 
functionality  in  some  cases  —  file  transfers  being  one  of  them.  Nonetheless,  it  is  a  fair 
trade-off  to  get  one  client  as  opposed  to  four.” 

Peer  pressure  drove  our  next  respondent  to  dabble  in  IM,  but  it  wasn’t  enough  to 
get  him  hooked. 

“The  only  reason  I  used  IM  is  that  my  fellow  sysadmin  talked  me  into  it,”  says  John 
Gog.  “With  all  our  other  means  of  getting  hold  of  one  another,  we  dropped  it.  As  a 
social  tool  for  the  home  user,  I  suppose  it  works  well;  my  son  uses  it  a  good  bit.  But 
even  he  jumps  to  e-mail  or  the  phone  more  than  he  uses  IM. . . .  IM  has  become  such  a 
breeding  ground  for  sending  Trojans  and  links  to  places  that  will  give  you  Trojans, 
adware  and  spyware,  that  it’s  become  more  risky  than  e-mail.  In  the  workplace,  it’s  just 
another  distraction  and,  I  suspect,  seldom  gets  used  for  business  purposes.  Of  course, 
since  no  one  around  here  uses  it  for  business  purposes  (officially),  I  can’t  say  that  as 
an  absolute,  but  I’d  be  willing  to  bet  I’m  not  far  wrong.” 

One’s  view  depends  on  the  demands  of  one’s  job,  naturally. 

"I  do  technical  support  and  remote  installation  by  IM  using  ICQ 
with  links  to  AIM,  qhz,  abc  and  every  other  darn  IM  system  that 
matters.  Some  of  it  is  very  critical,  time  dependent  or  just  urgent.  I 
find  IM  indispensable,"  says  Brandon  Sussman.  "In  more  humanis¬ 
tic  endeavors,  I  would  not  consider  using  IM  as  it  is  a  nuisance.  I  do 
not  chat  online.  Ever.” 

"It  depends  on  the  organization,”  agrees  Greg  Martin.  “I  was  part  of  a 
large  outsourcing  company.  We  weren’t  all  on-site  and  my  team  used 
IM  to  stay  in  constant  touch  throughout  the  day. The  back-channel  con¬ 
versations  during  conference  calls  helped  us  get  to  completion  on  the 

See  Net  Buzz,  page  81 
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INTRODUCING  THE  NEW  DELL™  POWEREDGE™  6950  SERVER. 

Meet  the  new  4-socket  Dell™  PowerEdge™  6950  server.  It’s  ideal  for 
your  big  business,  since  it’s  primed  to  handle  all  your  mission-critical 
database  and  virtualization  apps.  And  Dell  tests  leading  operating 
systems  and  applications  on  its  servers  to  help  ensure  seamless 
productivity.  So  the  sky  is  no  longer  the  limit.  Business  solutions 
designed  with  one  company  in  mind.  Yours. 
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